Founded By: | _ _______
Guardian Of Time | __ N.I.A. _ ___ ___ Are you on any WAN? are
Judge Dredd | ____ ___ ___ ___ ___ you on Bitnet, Internet
------------------+ _____ ___ ___ ___ ___ Compuserve, MCI Mail,
\ / ___ ___ ___ ___ ___________ Sprintmail, Applelink,
+---------+ ___ ___ ___ ___ ___________ Easynet, MilNet,
| 06MAR91 | ___ ______ ___ ___ ___ FidoNet, et al.?
| File 71 | ___ _____ ___ ___ ___ If so please drop us a
+---------+ ____ _ __ ___ line at
/ \ ___ _ ___ elisem@nuchat.sccsi.com
------------------+ __
Editors: | _ Network Information Access
Judge Dredd | Ignorance, There's No Excuse.
Lord Macduff |
------------------+ Issue 071 :: Volume 02
"The liberty of the press is not confined to newspapers and periodicals.
It necessarily embraces pamphlets and leaflets....The press in its
historical connotation comprehends every sort of publication which
affords a vehicle of information and opinion."
-- Lowell v. City of Griffin, 303 U.S. 444, 452 (1938), quoted by Mike
Godwin in comp.org.eff.talk
=============================================================================
1. Index .......................................................NIA Editors
2. Analysis of the 4-wire Line - An Explanation ........Donald E. Kimberlin
3. Using the UK Academic Network PSS Gateway ......Scantronics Publications
4. DoD Trusted System Evaluation Criteria [02/02] ..............Judge Dredd
5. List of Texas Internet Sites ...............................Lord Macduff
6. Steve Jackson Games vs. Secret Service....................EFF Foundation
7. Editor's Comments ...........................................NIA Editors.
============================================================================
/ /
/ File 02 / NIA071 /
/ The Four Line - An Explanation /
/ Donald E. Kimberlin /
/ /
[Editoral Info: Mr. Kimberlin has been a broadcasting engineer since 1957, with
added time at AT&T in international communications, later
at ITT preforming the same work with international cables and
satellites. Then manufacturers of communications equipmnet
as an export marketer to the government PTT's of 70 countries
on five continents.]
It seems many participants thought such a transmission circuit is
a rather special form of transmission medium; one infrequently used
and perhaps of exceedingly high cost. What follows is an attempt to
describe what is actually a rather common and age-old technique in a
way that might help readers know how to use it for their own benefit.
Most people involved with telephony have only been exposed to
local use, adn even local subscriber line physical plant, where a
single pair of wires is used for a dial subscriber line for one over-
riding reason: The cost of providing service to the majority of users,
people who simply want dial voice-grade telephone service.
Were the local telephone exchanges to use a "four-wire line" to
each and every subscriber, we could have a far more idealized Public
Switched Telephone Network (PSTN - the proper CCITT name). We in the
US often mistitle the PSTN as "DDD," which actually is the Bell
acronym for Direct Distance Dialing (long-distance subscriber dialing,
called STD in the UK, or a close equivalent in other nations).
Transmission losses could have historically been much less, as there
would be no echoes to combat. We would transmit in one direction on
one pair and transmit in the other direction on the other, without
interaction between the two directions. However, to provide such a
plant would require double the literally millions of tones of copper
wire that have been installed worldwide. The economic cost factors
are obvious. Paying for the local cable plant has been a major cost
factor for public telephone networks worldwide. (Other alternatives
such as fiber and coaxial cable used by cable TV companies are making
some change, but the millions of tons of copper are already there ...
and ISDN is planned in a way to try to continue to use that imbedded
investment.
So, a local telephone plant uses only one pair per subscriber.
In engineering terms, it is far from a perfect transmission line. The
main reason is that no transmission line operates at its normal
electrical "impedance" until it is a significant portion of an
electrical wavelength of the signal it carries. Studying a beginning
physics book will show that one wavelength at 3000 Hertz in a perfect
line is 61 miles, and at 300 Hertz, it would be 610 miles! (Another
factor called the "propagation velocity" even stretches this _much_
more in practical wire.) Obviously, to have even reasonably
well-matched wire would not be reasonable, and it wasn't at all
economical in the developmental era of the PSTN. So, this network
evolved assuming some very large tradeoffs were needed.
An electrical transmission line has one interesting
characteristic just opposite from water pipes or acoustical guides
(hollow tubes). Instead of an open distant end letting all the energy
spill out, an open-ended electrical line _reflects_ all its received
power back toward the source. A shorted line absorbs all the energy
(as you find out when you short a power line and blow the fuse!).
What this characteristic means to telephone transmission is that with
lines as short as they must be in local plant, echoes are reflected
back toward the speaker, subject only to the losses they incur
rattling back and forth. They really are pretty high, but we don't
notice them. The reason: Echoes that return to our ear in less than
about 10-15 thousandths of a second are heard by us a part of the
outbound signal ... we just don't hear them. Local connections are
short enough that for general telephony, echoes can be largely
discounted, even thought they are there.
Very early in the development of longer transmission paths, it
was learned that transmission losses mount rapidly when one really
does have miles and miles of wire to talk on. In intercity
transmission lines, use of electronics to amplify the signal as
intervals was seen to be mandatory to achieve commercially successful
"long lines." Thus, as soon as the three-electrode vacuum tube was
available, the telephone industry had a very real interest in it, and
pressed to realize its use as soon as possible. (In fact, a Bell Labs
worker contributed "negative feedback" to the early vacuum-tube
circuitry, making the "tube" a controllable, useful technology instead
of a physics lab curio.)
But, the vacuum tube (as its descendant, the transistor) has one
limitation. It can pass a signal in only one direction, a
characteristic that happens to match that idealized "four-wire"
transmission line. So, "long lines" very early on (in the 1910-15
time frame) all became "four-wire lines."
They did, however, have to interface to the echo-prone and less
controllable local "two-wire" (single pair) telephone networks. The
method devised was the "hybrid," in telephony mostly an arrangement of
trans- formers that had three windings, one for the local two-wire
side and one each for the sending and receiving "long lines." Now,
echoes were a real problem. Not only would echoes from the local
two-wire line take long enough to return to the distant city to be
heard, but impedance mismatching of the two-wire local line to the
transformer could cause received distant signals to reflect right in
the transformer back down the transmitting channel as well. "Echo
control" became a major topic in handling "long lines." (The trick is
to add a fourth winding set to the transformer with an "artificial
line" that is adjusted to create the match. In telephony, its name is
a "balancing network."
All this sort of work was at first (and for decades) the work of
the "long lines" people. Very little of it was in the hands of the
local people. The "long lines" people were AC and electronics people,
while the local people were DC and electrical people. The oeprational
reasons for having a "Long Lines Department" are obvious in this
context.
As multichannel "carrier systems" evolved (and early, too,
beginning around 1915 between Toledo, Ohio and South Bend, Indiana in
the US), their intrinsic electronic transmission using vacuum tubes
made a "four-wire" (of virtual wires, certainly) a commonplace in
intercity transmission. And every "carrier system" since the
beginning has been made of "four-wire" paths ... set up in pairs of
channels, one for each direction of transmission, needing that
"hybrid" function at each end to connect to the local plant.
In intercity (and more so international) carrier systems, a
"line" transiting a junction point can be (and is) connected on a
"four-wire" basis, either _through_ a "four wire switching machine"
for PSTN temporary connections, or hard-wired _around_ the switching
machine if the use is a semi-permanent "special services" circuit,
like a dedicated data line or indeed, a permanent speech circuit, as
is CNN's "four-wire line," our subject here. At the end points, one
local pair is used for each direction of transmission ... at a price
reflective of using twice the local plant. Local wire pairs ...
"loops" ... for "special services" are expensive to rent. After all,
they are no longer available for the local telco to derive PSTN
revenue on. If reaching the "long lines" point of presence (now
called a "POP" in American jargon) requires use of local wire
(nowadays local carrier channels) across a city, these are no longer
available for "trunk" use between local PSTN exchanges, considerable
revnue potential is lost, and is going to be paid for. Thus, many
speech-only "private circuits" do have a hybrid in the "POP" and use
only one local pair anyway ... but are STILL "four wire channels"
between cities.
The British have some excellent descriptive terminology we
Americans never developed. They speak of transmission circuits as
"two wire presented" or "four wire presented" to the end user. These
terms, of course recognize that long circuits are all "four wire,"
regardless of how they are 'presented" to the end user.
What are the advantages of "four wire presentation?" Avoidance of
the electrical echo bugaboo. And, part of the "control" of echoes in
"two-wire presentations" is to deliberately insert transmission loss
to make the echoes a bit lower, so "four wire presented" channels can
have less loss and sound louder ... and deliver the received signal
higher above the noise ... making the signal sound "cleaner." This of
course is why high-quality dedicated data circuits are four-wire
presented ... to give the modem signals the most advantage possible.
Hopefully, if you have persisted through this longish
explanation, you now know that the "four wire line" is indeed not rare
at all. Rather, it is the norm between cities, and especially between
nations. You know it isn't new. It's just that most people have
never seen one. Improvements in the local plant (including widespread
deployment of digital carrier, the "T" carrier so often spoken of
today) have made extension of the "four-wire line" right into your
local exchange a reality in most places, so even your PSTN phone
sounds much louder and cleaner than it did twenty years ago. That's
what solid-state electronics coupled to digital transmission did for
us all.
Those who really _needed_ the advantages of "four-wire" have used
it for a long time. Major examples were the FAA's network of
dedicated lines that had to be interconnected at random (reflected in
Bell parlance as the "FAA 300-type switching system), and the US
military's AUTOVON network. While AUTOVON was based on four-wire
switching machines throughout right to four-wire telephone sets,
economics even there forced the allowance of two-wire user lines and
telephones for voice-only stations, and many AUTOVON lines wound up
being four-wire. But, AUTOVON also has many "four-wire" user stations
where dedicated-line type "full-duplex' data modems can be used.
For those who really want to learn more, I recommend the following books:
1.) "Basic Carrier Telephony" by David Talley, a real chestnut
of telephone transmission for the non-technical reader who is
weak on physics. Originally published by Hayden Book Company
as their stock number 5749 (Library of Congress catalog number
60-10470 in its second edition, I understand that Wiley in
New York has republished it and finds several Telcos use it for
textbook for technicians.
2.) "Understanding Communications Systems," by Don L. Cannon and
Gerald Luecke, originally published and sold by Radio Shack
stores as part number 62-2018 (ISBN 0-89512-035-6) for $2.95,
this book has been republished by Howard Sams at Indianapolis
for about six times the price in hardback. It uses far less
classic "telephonese" but has excellent ways of showing how
analog and digital transmission are far more related than most
non-technical people can understand.
I recommend both of these books to the harried educators on here
who are frustrated in finding short texts for introductory curricula.
============================================================================
/ /
/ FILE 03 / NIA071 /
/ Scantronics Publications /
/ How to Use the U.K. Academic Network /
/ Packet SwitchStream (PSS) Gateway /
/ and PSS Address List /
/ Submitted By: /.
The Gateway consists of a computer which holds a communications program and
sits between two networks (JANET and PSS in this case). This allows the
user to bridge the gap between the networks and access target computers on
the other network. It is important to realise that there are two ways of
communicating with the Gateway - you can make calls TO the Gateway computer
to access its limited user facilities or you can make calls THROUGH it to a
target computer on the other network.
The Gateway operates as a Transport Level Gateway in accordance with the
'Yellow Book' Transport Service. However the present implementation does
not have a full Transport Service and therefore, there are some limitations
in the service provided. For X29 which is incompatible with the Yellow Book
Transport Service, special facilities are provided for the input of user
identification and addresses.
The Gateway is a protocol transparent link. This means that the Gateway
cannot be used for protocol conversion; to do this a third party machine
must be used.
__________________
2.1 Your Contacts
If you have any problems, or if you want additional information contact the
JANET Network Executive. You can reach them at the following address:-
* By Post at . . . . . . . Network Executive,
c/o Rutherford Appleton Laboratory,
Chilton,
Didcot,
OXON.
OX11 0QX
* By Electronic MAIL to . . PSS Gateway Support@RL.GB
The network address for RL.GB is 00000000210
5
* By Telephone on . . . . . Abingdon (O235) 446748
How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway
_______________________________________________________
3. Summary of Facilities Available across the Network
The network offers a number of facilities. These are listed below for your
information.
* Facilities Provided by the Gateway Machine
- Help Facility
- Accounting Facility
* Facilities Available on the Way Through the Gateway
- Demonstration Facility
- Addresses and Mnemonics
* Facilities Available on PSS
- Fast Select Facility
- Reverse Charge Facility
- Access to IPSS (International Packet Switch Stream)
- Calls to Other, Non-Transport Service Networks
* Protocols Available if Supported by Both Local and Remote Host Machine
s
- Network Independent File Transfer Protocol (FTP)
- JNT MAIL Protocol
- Job Transfer and Manipulation Protocol (JTMP)
__________________________________
4. Permission to Use the Gateway
_____________________________________
4.1 Authentication and Authorisation
No unauthenticated use of the Gateway from JANET is allowed regardless of
whether charges are incurred at the Gateway or not. Therefore to use the
Gateway you have to obtain authentication (a userid and password) and
authorisation (a call allocation) from the JANET Network Executive. This
consists of:
a. USERID
b. PASSWORD
c. USAGE ALLOCATION
Note that the authorisation for PSS and IPSS is managed separately, although
a single USERID may have authoristation for both.
There is no restriction on access from PSS.
How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway
____________________________
4.2 Charging and Accounting
There are 4 separate charging rates, which are:
PSS full rate: PSS (FULL)
PSS discount rate: PSS (DISC)
TLXN: Telex access via Interstream 1.
IPSS full rate: IPSS (FULL)
Note that the TELEX access is expensive, as the cost includes the use of
PSS, Interstream 1 and TELEX. Anyone who is interested in TELEX access
should first discuss it with the Network Executive.
To be able to make chargeable calls you must request a call allocation to
cover the charging rates you want to use when you ask for your
authentication. For calls that are free e.g. calls within JANET or normal
charge calls from PSS you do not need an allocation.
The PSS discount rate applies from 1800 to 0800 each night and all day on
Sundays, Christmas Day and New Year's Day. The PSS full rate applies at ALL
OTHER times. The IPSS full rate applies at ALL times for international
calls. For details of the international rates to various countries consult
Network User Note 2.
If your allocation runs out during an active call, then that call will be
cleared and all further calls at that rate will be refused.
______________________________________________
5. How to Make Terminal Calls to the Gateway
It is possible to make calls to the Gateway to access the HELP and ACCOUNT
facilities.
The HELP facility contains the whole of this user guide in its most uptodate
form. The facility allows random scans of the document and searches for
text within the document.
The Account facility allows the user to inspect the state of his account and
to change the password for that account.
_____________________________________
How to make contact with the Gateway.
If you are calling the RAL Gateway from PSS use the DTE address
234223519191.
If you are calling the RAL Gateway from JANET use the DTE address
000000000040.
If you are calling the London Gateway from PSS use the DTE address
234219200100.
If you are calling the London Gateway from JANET use the DTE address
000040000040.
Make a terminal call to the Gateway.
How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway
A title message will appear on the terminal announcing the Gateway, followed
by the lines:
OS4000+Rlix V30 PSS Gateway
Logging in
user
If nothing appears, keep pressing until the above message
appears.
It is now possible to log in and use the Help or Account facilities. For
details of these facilities see section 7 of this document.
___________________________________________________
6. How to Make Terminal Calls Through the Gateway
The method used to make a call through the Gateway depends on the type of
PAD being used. If your PAD supports TS29 the procedure is simplified as
this protocol allows you to make calls that can cross several networks via
several Gateways. If your PAD supports X29 then if you wish to cross
several Gateways you normally have to stop at each one before you can pass
through it. However a special facility is provided using the Call User Data
Field to allow X29 calls non-stop through the JANET PSS Gateway.
Whichever protocol your PAD supports, you must have some way of generating a
Transport Service Called Address for onward routing by the Gateway.
_________________________________________
6.1 The Transport Service Called Address
To make a call through the Gateway you have to supply the following
information in the form of a Transport Service Called Address to your local
PAD.
a. Netname: the name of the network you are calling.
b. Authentication: consisting of Userid and Password in that order.
This can be omitted for free calls.
c. Host address: the network address of the remote host.
The format of the Transport Service Called Address is as follows:
().
These are explained below.
_______
Netname
This is one of the following:
JANET to connect to JANET
PSS to connect to PSS
J an alias for JANET.
How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway
______________
Authentication
This consists of 3 fields which must be entered in the order shown.
a. user id,
b. password,
c. A request for the call to be reverse charged.
The last field is optional.
____
Note that the whole authentication string must be enclosed in parentheses.
_______
Example
(FRED,XYZ,R) Requests a reverse charge call
(FRED,XYZ) Requests a chargeable call.
____________
Host Address
This is the numeric address of the machine being called. However to make
things easier the numeric address can be replaced with an alphanumeric
mnemonic if one has been set up on the Gateway.
_______
Example
use RLGB instead of 000000002105 to call the Rutherford GEC 'B' machine
use SALF instead of 234261643210 to call Salford on PSS.
For a list of these mnemonics see JANET User Notes 5 and 6.
Host addresses can be complex and it is possible to specify several Gateways
that you must pass through to reach a specific remote host and/or the
service required. Note that a point (.) must be used to separate the
numeric addresses or mnemonics from the service names.
_______
Example
RLPA - this calls the Rutherford ICF Prime on Janet.
RLPA.FTP - this calls FTP on the Rutherford ICF Prime on Janet.
To connect to some machines, an X25 sub-address is required, which consists
of a number of extra digits added on to the machine address. This can be
easily entered on the Gateway by using the delimiter '-' at the end of the
mnemonic address and then typing the sub-address. When the mnemonic is
translated the delimiter is ignored and the whole address is converted into
a continuous string.
_______
Example
Janet-69 is translated to 23422351919169
How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway
_____________________________________
6.2 Making Calls Using TS29 Protocol
TS29 is the ideal protocol to use through the Gateway, since there should be
no problem entering the Transport Service Called Address. However, first
make sure that the machine you are calling will support TS29. When using
this protocol for network terminal calls the service name of the TS29 server
should be entered explicitly.
_____________________
6.3 The Full Address
Combining all these factors a full address might look like this.
J(FRED,XYZ).RLGB.TS29
____________________________________
6.4 Making Calls Using X29 Protocol
X29 is incompatible with the 'Yellow Book' Transport Service and some PADS
are unable to generate the Transport Service Called Address. When making an
X29 call, the onward Called Address may be entered into the Call User Data
Field of the Call. Some PADs, e.g. the British Telecom PAD are unable to
generate a Call User Data Field longer than 12 characters and so there may
not be enough space to hold all the information required. In this case, a
Call must be established only as far as the Gateway, and a dialogue held
with the Gateway to establish the next part of the connection.
If your PAD can generate a Call User Data Field, then the first character of
the text is treated as a delimiter, and should be entered as the character
'@' followed by the onward Called address.
_______
Example
On a CAMTEC PAD one might enter:-
CALL 00004000004096 D=@(FRED,XYZ).SOMEWHERE
t
make a call through the London Gateway to SOMEWHERE on PSS.
________________________________________
Overcoming Call User Data Field Problems
With X29 PADs the onward Called Address can be supplied interactively at the
Gateway without having to set up a Call User Data field. To do this the
Gateway must be called with the correct X25 sub-address. This involves
adding an extra 2 digits onto the normal 12 digit address of the Gateway.
The sub-address for JANET is 69 and 96 for PSS. The Gateway will then
prompt for the onward Called Address.
The procedure is as follows: Call the Gateway using the correct
sub-address:
23422351919169 to call JANET from PSS via the RAL Gateway
00000000004096 (or the mnemonic RL.PSS) to call PSS from JANET
via the RAL Gateway.
23421920010069 to call JANET from PSS via the London Gateway
00004000004096 (or the mnemonic LON.PSS) to call PSS from
JANET via the London Gateway.
How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway
The response from the Gateway will be the following message:
Please enter your authorisation and address required in form:
(user,password).address
>
Reply with the appropriate response.
_______
Example
(FRED,XYZ).SOMEWHERE
As the X29 protocol is being used there is no need to include the service
name X29.
Authentication is not required for incoming calls to JANET. In this case
the string (FRED,XYZ) can be omitted, note however that the address should
still be preceded with a point.
_______
Example
.RLGB
There is a timeout of between 3 and 4 minutes for this response after which
the call will be cleared, however there is no limit to the number of
attempts which can made within this time limit. If the authorisation or
adress entered is invalid the Gateway will request it again. To abandon the
attempt clear the call from the PAD. For further details of how to do this
see Network User Note 11.
You will find that on some PADs a 'call connected' message will appear on
the terminal as soon as the call has been connected to the Gateway. This
does not mean that you have made contact with your ultimate destination.
When you have contacted the remote host the Gateway will show a 'Call
connected to remote address' message.
_______________________________________________
7. Facilities Provided by the Gateway Machine
__________________
7.1 HELP Facility
A HELP Facility is available which contains the whole of this guide in its
most uptodate form. The utility which is used to view the guide allows the
text to be searched for strings as well as allowing random movement about
the document.
There is also additional up-to-the-minute information and details of
forthcoming changes. Use the HELP system from time to time to find out
about changes which may affect your access to the machine.
How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway
To connect to the HELP system, simply make a terminal call to the Gateway as
described in section 5 above. When the Logging in / User prompt appears
type HELP. The following message will then be displayed.
OS4000+Rlix V30 PSS Gateway
Logging in
user HELP
ID last used Wednesday, 10 December 1986 06:11
Started - Wed 10 Dec 1986 11:15:55
Please enter your name and establishment.
Enter your name and establishment. You will be then be presented with the
following message.
The following options are available:
NOTES GUIDE TITILES ERRORS TARRIF HELP QUIT
Which option do you require?
The following list describes each command briefly.
NOTES replies to user queries and any other useful information.
GUIDE the complete Gateway user guide.
TITLES list of JANET and PSS addresses and mnemonics
ERRORS list of error codes that you may receive.
TARRIF list of the PSS and IPSS charges.
HELP is the HELP option.
QUIT exits from the session.
When you exit from the HELP facility by typing QUIT, the following message
will appear.
If you have any comments, please type them now, terminate with E
on a line on its own. Otherwise just type
CPU used: 1 ieu, Elapsed: 2 mins, IO: 1583 units, Breaks: 14
Budgets: this period = 10.00 AUs, used = 0.010 AUs, left = 9.51 AUs
User HELP terminal 2 logged out Wed 10 Dec 1986 09:20:12
The above prompt gives the user an opportunity to type in any queries or
comments that he has about the Gateway. These comments are viewed daily by
the support staff at RAL.
________________________________________________
7.2 Account Facility and Changing Your Password
An account can be inspected and the password changed by using this facility.
First make a call to the Gateway as described in section 5. When the
Logging in /User prompt appears type ACNT.
After a short delay, there will be a prompt for a Userid. Enter your PSS
userid, you will then be prompted for your password. Enter your password
(this is not echoed), three attempts are allowed to enter the correct
password. The message 'Enter command' will now appear.
How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway
_______
Example
OS4000+Rlix V30 PSS Gateway
Logging in
user ACNT
ID last used Wednesday, 10 December 1986 09:14
Enter userid FRED
Password
Enter command
The following commands are available:
ACCOUNT Prints the state of your account on the terminal
PASSWORD Allows the password to be changed. The new password
should be typed in twice on the following two
lines when prompted. It is not echoed
END Terminates the session.
Note that each command may be abbreviated to a minimum of 2 characters.
_____________________________________________
8. Facilities Available Through the Gateway
___________________________
8.1 Demonstration Facility
There is an account available which has a small allocation available for
users to try out the Gateway. The password will be supplied on request from
the Network Executive. Note that excessive use of this account will soon
exhaust its allocation and deprive others of its use.
___________________________________________________
8.2 Address Mnemonics of Remote Hosts on Networks
________________________
Connected to the Gateway
Many network addresses consist of 12 or even 14 digits which may be
rm 33; Next>
difficult to remember and awkward to enter. To make life easier the Gateway
has a table which consists of a number of mnemonics and their respective
network addresses. When these mnemonics are typed within a call through the
Gateway the mnemonic is translated into the appropriate network address.
Therefore if you have a frequently used network address which is not in the
table, please contact the Network Executive with a request to insert the
address along with an appropriate mnemonic. Equally if you know of
mnemonics which are no longer useable contact the Network Executive.
It is hoped that the Gateway will support the Network Registration Scheme
(NRS) in the near future.
JANET User Notes 5 and 6 include mnemonics for a number of remote machines
and networks on both PSS and JANET.
How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway
_______________________________
9. Facilities Available on PSS
________________
9.1 Fast Select
This allows calls to have up to 128 bytes in the Call User Data field. You
can use this to expand address information available for the next hop of the
call. As a PSS user we have subscribed to this facility; however you
should note that some remote Hosts on PSS and IPSS cannot accept Fast Select
calls. If a Fast Select call is made to an address which does not subscribe
to the Fast Select facility the call will fail with clearing code Hex'29'.
When a mnemonic is used, the Gateway will know whether the address can
support Fast Select or not, and will make the correct call automatically.
If the full numeric address is used, then the Gateway has to be told not to
use Fast Select. This can be done by preceding the address with the string
'NFS-'. In fact the NFS is a mnemonic which translates to a null string
with the No Fast Select attribute and the minus is just a delimiter which
will be ignored.
For example, calling TELENET
PSS(FRED,XYZ).NFS-311012345678
____________________________
9.2 Reverse Charge Facility
If this facility is used the remote Host will accept all the call charges,
therefore your allocation on the Janet Gateway will not be debited. Note
that there are not many remote Hosts which will accept 'reverse charging'.
Unfortunately the only way to find out if a remote Host will accept reverse
charging is to experiment. Do this by appending 'R' to the authorisation
field, for example
(FRED,XYZ,R)
If this does not work, it could be because the remote host will only accept
calls from 'known' network addresses and the JANET addresses are 'unknown'
___________________
9.3 Access to IPSS
It is possible to access IPSS, the International Packet Switch Stream,
through PSS. This is done by entering the IPSS address in place of the PSS
address. IPSS calls are accounted separately from PSS so you will have to
make a specific request for an IPSS allocation before you make calls on
IPSS.
___________________________________________________
9.4 Calls to Other, Non-Transport Service Networks
Some networks (for example, TYMNET) require a Call User Data Field with a
different format from the one normally generated by the Gateway. A facility
has been provided to enable an arbitrary string to be included in the Call
User Data Field. This is done by terminating the numeric address (or
mnemonic) with the delimiter '*D' followed by the required string.
Everything following the '*D' is then copied into the Call User Data Field.
How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway
_______
Example
PSS(FRED,XYZ).NFS-31060000*DZRRT;IPSSLON
This would call a (fictitious) address on TYMMNET.
Finally some machines do not expect to receive any user data at all, so you
will need to enter '*D' on its own for these.
_______
Example
PSS(FRED,XYZ).YONDER*D
___________________________
9.5 Adjusting Packet Sizes
The Gateway normally tries to establish its calls with a packet size of 256
bytes, even if the incoming call had only 128 byte packets. This normally
does not cause problems, but there may be difficulties with some systems.
If you find your call being cleared even though all the addressing is
correct, or if it fails as soon as data starts to flow, try calling with the
additional data, '*P7W2', to force a packet size of 128 bytes.
_______
Example
PSS(FRED,XYZ).OVERTHERE*P7W2
If you also need to use the *D parameter that must follow the *P/W paramter.
_______
Example
PSS(FRED,XYZ).HERE*P7W2*DTOYOU
___________________________________________________
10. Protocols Available if Supported by Both Local
________________________
and Remote Host Machines
Other sorts of calls, besides terminal calls, may be possible through the
Gateway. In these cases Transport Service is required. The mechanisms
required for insertion of authorisation information vary from computer to
computer, and therefore your local support staff should be consulted for
information in this area.
Care needs to be exercised here, especially when replying to MAIL from PSS
without considering how the authorisation will be managed. Problems can
also occur with FTP, which will continue to retry a call until it receives a
fatal error, causing unnecessary network traffic.
_____________________________________________________
10.1 Network Independent File Transfer Protocol (FTP)
This allows files from one computer's file store to be sent to the file
store of another computer. Although the two computers may have very
different ways of working internally, FTP will overcome these difficulties
and arrange for the transfer of the file without the user being aware of the
special procedures that are being carried out.
How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway
______________________
10.2 JNT MAIL Protocol
This allows MAIL messages to be sent from one user to another user. The
users may be using the same machine or may be using machines on different
networks. In both cases the user types his message into the machine being
used and the MAIL program then adds a header to the message, so that it can
be transmitted to the remote Host by FTP. The received message is stored on
the remote Host and made available to the addressee.
__________________________________________________
10.3 Job Transfer and Manipulation Protocol (JTMP)
This protocol lets you:
transfer files for storage or execution
make status enquiries and get reports on these files.
modify the progress of the above.
This protocol requires standard FTP to carry out the transfers.
____________________________
11. Restrictions and Errors
_________________
11.1 Restrictions
Due to the present lack of a full Transport Service in the gateway, the
ADDRESS, DISCONNECT and RESET primitives are not fully supported. However
this should not present serious problems, since the ADDRESS and RESET
primitives are not widely used, and the DISCONNECT primitive can be carried
in a Clear Request packet.
The gateway does however support continuation of Transport Service Connect
messages into the first data packet. This is particularly useful when
attempting file transfers for which the 12-byte CUDF limitation pertains
(i.e. NSF- calls).
___________
11.2 Errors
When a call fails, there is an error code associated with the failure which
will normally be displayed on your PAD. A list of the most common codes and
their meanings is given in Network User Note 15.
PSS Address List
____________
Introduction
This is an address list of all the mnemonics that can be accessed via the
JANET Packet SwitchStream Gateway.
The list is sorted in numerical order using the machine address. The first
three digits of the address are a code which indicates the country where the
machine is situated. Headings appear throughout the list giving the country
name followed by the machines available there.
The list is divided into 3 columns which show:
a. The numeric address (DTE address)
b. A mnemonic for the address
c. A description of where the machine is located.
____________
Address List
_______ ________ ___________
ADDRESS MNEMONIC DESCRIPTION
Netherlands
204 NL Netherlands
20412900433 SARA National Institute for High Enery
Physics (NIKHEF) SARA network
20412900434 NIKHEF National Institute for High Enery
Physics (NIKHEF) SARA network
204129004353 NIKHEFH NIKHEF Gould
20418800110680 CELEX CELEX Lexical Database, Nijmegen
Belgium
206 B Belgium
2062210168 BBVA Brussels DEC A (Belgium) - 9600 bps
2062221006 BBDA Brussels DEC A (Belgium) - 2400 bps
France
208 F France
2080 TRANSPAC French Transpac
208031001511 ARGOS Argos service at Toulouse
208034020258 CNUSC CNUSC Montpelier
20803802067602 ILLDA ILL DEC-10 at Grenoble
20806911011912 FRCPN11 HEP Computing Centre, Paris
208075000394 IRST ESA - Quest
208075001282 FRCPN11X HEP Computing Centre, Paris
208075040390*DV6 MINITEL French Prestel
208075040390*DV2 MINITEL1 French Prestel
20807802016901 INRIA Institute National de Recherche
en Infoatique ...
208091000309*DCISIFMST CISI IBM - TSO
208091000309*DCISIFMST CISI1 IBM - TSO
208091000519*DCISIFMST CISI2 IBM - TSO
208091000270*DCISIFMST CISI3 IBM - TSO
208091010320 CJRCE
20809104057310 SIMBAD Stellar data centre CDC system
2080911101 SACLAY Saclay - France
Spain
214 E Spain
2141 SPAIN Spanish data network
2145222020109 LAPALMA La Palma Observatory, Canaries
Yugoslavia
220 Y Yugoslavia
2201 YUPAK Yugoslav YUPAK
220161120100 RRC RRC Computer Centre, Ljubljana
220161140001 LJUBLJANA University of Ljubljana, DEC 10 & 20
220161140015 STEFAN Institute of Jozef Stefan, Ljubljana
220162120031 MARIBOR University of Maribor - VAX 8800
Italy
222 I Italy
2222260164608 ISPRA Euratom Joint Research Centre
2222650143 ESA2 ESA - IRS
Switzerland
228 CH Switzerland
228464110115 DATASTAR2 Data-Star, Switzerland
22846431007014 DATASTAR Data-Star, no-echo on password
22848411011014 DATASTAR1 Data-Star, no-echo on password
2284681140510*DLO CERNLO CERN 300 bps
2284681140510*DME CERNME CERN 1200 bps
Austria
232 A Austria
UK
234 GB United Kingdom
2341 IPSS IPSS UK network
23421230012000 DIALOG6 DIALOG2 in US
23421230012011*D DIALOG2 DIALOG2 in US
23421230012011*D DIALOG DIALOG2 in US
23421230012013*D DIALMAIL DIALMAIL in US
234212300120*D@ DIALNET IGS Leased line to DIALOG in US
234212300187 TELEMAIL Telemail
23421230021001 CAMPUS2000 Campus 2000
23421230021001 TTNS Times Network System 01
2342123012026 DATASTREAM Datastream Service
234212300331 LASER LASER
234213300124 PROFILE Was Datasolve
234215700117 CONTEXT Context Legal Systems
234215700147 ORBIT Orbit.
234216401146 GOULDUK Gould Uk in Surrey
234216700127 PCR Pfizer Central Research
234219200101 FINSBURY
234219200146*D CEGB CEGB, Park Street, London
23421920014870 EAN EAN Gateway at ULCC
234219200171 LEXIS LEXIS/NEXIS
234219200190 INFOLINE Pergamon - Infoline
234219200203 IPSH IP-SHARP
234219200300 UCL University College London -
Computer Science
234219200394*D AREMOS Sianet
234219201002 POOLE PCL - Poole C.A.E. Service
23421920100404 BTGOLD04 BTGOLD service.
23421920100474 BTGOLD74 BTGOLD service.
23421920100476 BTGOLD76 BTGOLD service.
23421920100479 BTGOLD79 BTGOLD service.
23421920100479 LANET BTGOLD 79 service.
23421920100481 BTGOLD81 BTGOLD service.
23421920100482 BTGOLD82 BTGOLD service.
23421920100483 BTGOLD83 BTGOLD service.
23421920100484 BTGOLD84 BTGOLD service.
23421920100487 BTGOLD87 BTGOLD service.
234219201004 BTGOLD BTGOLD service.
23421920100513 EUROINFO Euronet Diane Information Service
23421920100515 HOSTESS Hostess system (BT)
23421920102517 PRESTEL Prestel
234219201156 ERS ESA - Quest
234219201156 ESA ESA - Quest
23421960116750 HRC GEC - Hirst Research (Mail)
234219709111 NPL1 NPL - use subaddress 04
234219709210 NPL2 National Physical Laboratory
2342212001450 OCLC
234222339399 CAMB University of Cambridge
234222715151 KENT University of Kent
234223519191 JANET Gateway to JANET at Rutherford
234227900102 BLAISE British Library Information System
234231354354 ERCC Edinburgh Regional Computer Centre
234233400101 BEST B.E.S.T. Database, Longman
Cartermill, St. Andrews
234212900115 STL STL
234243800105 IDEC STL IDEC
23426164336548*P7*W2 ICLB ICL network at Manchester
23424830012489 SUNCAM SUN Microsystems - Camberley
234248300124 SUN SUN Microsystems - Camberley - mail
23425272424111 INFOSEARCH ISTEL Communications Network
23425330012406 CAMTEC Camtec, Leicester (hard copy printer)
234253300124 CAMTEC Camtec, Leicester
23426160013930 NCC National Computing Centre - LEO
234261600152 UMDAFL University of Manchester Dataflow VAX
23426164321090 NRS NRS
234261643210 SALF Salford University
234261643343 FERRANTI Ferranti Computer Systems
23423440016782 PRIME Prime - Leeds
234263259159 NUMAC University of Newcastle
234274200103*DCODUS CODUS Codus
234284400108 CULHAM Culham Laboratory
234284400162 PFDS Pergamon Financial Data Systems
23428580010801*D LIBTELVT Menzies LIBTEL for VT100 terminals.
23428580010802*D LIBTELTV Menzies LIBTEL for TV910, etc
23428580010803*D LIBTELADM Menzies LIBTEL for ADM3 terminals.
23429084011100*d POLIS SCION
234293765265 ARTTEL British Library, Boston Spa
2348 TELEX UK Telex network
23523592592500 KINGLINE Hull Telephone GOLD system
Denmark
238 DK Denmark
238241745600 RECKU Univac in Copenhagen University
Sweden
240 S Sweden
2405 SWEDEN Swedish data network
240200100110 QZDB QZ via reverse pad.
240200101915 QZCOM80 QZCOM NIFTP80 service.
240200101928 QZXA UPNOD local network
2402001027 QZXB Stockholm University Computing
Centre Gateway.
240200102701 QZCOM QZ ODEN DEC-10
Norway
242 N Norway
2422 NORWAY Norwegian data network
242211000107 OSLO DEC10 at Oslo University
242223000151 RBK Cyber 170 at IFE (Energy Research
Centre), Kjeller
242245000101 BERGEN Univac at Bergen University
242253000101 RUNIT Univac at Trondheim University
242265000101 TROMSOE Cyber at Troms University
Finland
244 SF Finland
244203008 HELVA High Energy Physics Vax,
University of Helsinki
Russia
2502040300 NCADE NCADE USSR electronic mail, Moscow
Germany
262 D Germany
2624 GERMANY German data network
26245221040006*d DIMDI
26245221040104*d DIMDI2
26245228040187 BNVA Bonn VAX
26245234040194 RUB Cyber 205, Ruhr University - Bochum
262453000217 HMI Hans Mietner Institute in Berlin
26245300043042 DFNHELP Help system at DFN in Berlin
2624540009306 DYVA MARK J VAX at DESY
26245615144000 ESOC European Space Operations Centre,
Darmstadt
2624562213002 EMBL ALKOR VAX
26245724790114 CASGER2 STN International - 48K link
26245724720001 CASGER STN International - 64K link
262457610420*D FREIBURG Freiburg University
26245772340095 FURTWANGEN Furtwangen, W. Germany
26245890040220 IPP Max Planck Institute of
Plasma Physics, Garching
26245890090218 MPE Max Planck Institute for Extra
Terrestial Physics
2624589009301 ESO European Southern Observatory
in Germany VAX 11/780
Portugal
268 P Portugal
Luxembourg
270 L Luxembourg
270429200*D ODPECC Office for Official Publications,
European Communities Commision.
270448112*D ECHO IES - DC
Ireland
272 IRL Ireland
272431001992 EUROKOM EEC harmonisation COM system at
UC, Dublin - inverse PAD
27243159000630 UCD EEC harmonisation COM system at
UC, Dublin - local X25 net
Canada
302 CDN Canada
3020 DATAPAC Canadian Datapac
302067200040 UBCVCR Amdahl, Univ British Columbia,
Vancouver
302068100058 UVIC Victoria University, British Columbia
302068100256 UVICVVA Physics VAX, Victoria University,
British Columbia
302083200013 TRIUMF The Tri-University Meson Facility,
Vancouver
3025 GLOBEDAT Canadian Globedat
3029 INFOSWITCH Canadian Infoswitch
3103 ITT USA - ITT
31033010000542 DIALCOM42 DIALCOM - System 42
3104 WUI USA - WUI
3104004759 MCI MCII mail system
USA - TYMNET
3106 TYMNET USA - Tymnet
3106*DENSCL ONTYME ONTYME information system
3106*DINFORMATION TYMNETINFO TYMNET information system
3106001475 SDC2
3106001509 SDC1
310690157800*D BIX Byte Information Exchange
310600232901*D MFE Magnetic Fusion Energy Centre,
Lawrence Livermore
310600455141 UNINET U.N. database.
310600562200 FNAL Fermilab
31060061*DSDDC;IPSSLON ORBIT2 SDC Search Service
3106009211 ORBIT1 SDC Search Service
3106900803*D DIALOG3 Lockheed DIALOG service
3106900061*D DIALOG4 Lockheed DIALOG service
31069 SLAC SLAC via TYMNET
USA - TELENET
3110 TELENET USA - Telenet
31102020010900 CIS Chemical Information Systems
311021200141 JPLM1 Jet Propulsion Laboratory mail 1, USA
311021200142 JPLM2 Jet Propulsion Laboratory mail 2, USA
31102130003300*D ORBIT SDC Search Service
31102130017000*D DIALOG2 Lockheed DIALOG service
311021300219 CALTECH Caltech VAX 11/780
31103010002000 NLM National Medical Library
31103010025442 DIALCOM42 DIALCOM - system 42
311030100341 UNINET1 U.N. database.
31103010047 SOURCE Source system in USA
311030200612 OCEANIC Database on oceans of the world.
31103150002002*d BRS Biblographic Research Services, NY
31103210010400 NASAMAIL NASA telemail system.
31103210016000 SPANSSL Space Science Lab, NASA Marshal Space
Flight Control and SPAN
311032107035 NSSDCA National Space Science Data Centre,
node NSSDCA on the SPAN Network.
31104150004800*D DIALOG1 Lockheed DIALOG service
31106070002000 CORNELL0 Cornell University
31106070002100 CORNELL1 Cornell University
31106070002200 CORNELL2 Cornell University
31106070002200 CORNELL Cornell University
31106070002300 CORNELL3 Cornell University
31106140002124 CASUSA STN International
311070300463 NOAANETB NOAAnet system B, Washington DC.
31108080004010 UKTH UK Telescope in Hawaii
31108080004010 JACH UK Telescope in Hawaii
31108080004020 UKIRT UK Infra Red Telescope in Hawaii
31108080004030 JCMT James Clerk Maxwell Telescope
in Hawaii
311090900003 TELEMAIL1 Telemail on Telenet
311090900406 TELEMAIL2 Telemail on Telenet
311090900761 TELEMAIL3 Telemail on Telenet
31109090080000 JPLM3 Jet Propulsion Laboratory mail 2, USA
USA - RCA
3113 RCA USA - RCA
USA
312530300007 NCAR National Centre for Atmospheric
Research, Boulder
312541500007 DIALOGUNI
3126 AUTONET USA - Autonet
31343155859900 CORNELLF Cornell F m/c on ACCUNET
340 FA French Antilles
342 BDS Barbados
425 IL Israel
426 BRN Bahrain
431 DXB United Arab Emirates - Dubai
Japan
440 J Japan
4408 VENUSP Japanese data network
440820015 JOIST Japan Online Information System
454 HK Hong Kong
Australia
505 AUS Australia
505202230003.SPCP UTAS UTAS
505233430001 DITMELB CSIRO
50523343000301 MELBOURNE University of Melbourne - VAX X
505272223015 QUT Queensland University of Technology
505273720000 UQXA University of Queensland
ANF-10 gateway
5052737200001 UQKL10 University of Queensland
50527372000090 WOMBAT University of Queensland
50527372000094 UQVAX University of Queensland
505282720012 FLINDERS EDU.FLINDERS
50528622004 SAIT EDU.SAIT
505294320006 MURDOCH Murdoch University
505320000000 MINERVA MINERVA Mail service
525 SGP Singapore
New Zealand
530 NZ New Zealand
530130000034 CANTERBURY Canterbury University
530130000047 LINCOLN Lincoln University
530147000049 VUWCOMP VUW.COMP
530163000005 MASSEY Massey University Computer Centre
530171000004 WAIKATO Waikato University
530197000073 AUCKLAND Auckland University
South Africa
655 ZA South Africa
6550 SAPONET_P Saponet
655010601702 SACSIR CSIR, Pretoria
6559 SAPONET Saponet_P
=============================================================================
/ /
/ FILE 04 / NIA071 /
/ DOD-TCSEC Manual Part 02 of 02 /
/ Judge Dredd /
/ /
CSC-STD-001-83
Library No. S225,711
DEPARTMENT OF DEFENSE
TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA
15 August 1983
CSC-STD-001-83
7.0 THE RELATIONSHIP BETWEEN POLICY AND THE CRITERIA
Section 1 presents fundamental computer security requirements and Section 5
presents the control objectives for Trusted Computer Systems. They are
general requirements, useful and necessary, for the development of all secure
systems. However, when designing systems that will be used to process
classified or other sensitive information, functional requirements for meeting
the Control Objectives become more specific. There is a large body of policy
laid down in the form of Regulations, Directives, Presidential Executive
Orders, and OMB Circulars that form the basis of the procedures for the
handling and processing of Federal information in general and classified
information specifically. This section presents pertinent excerpts from these
policy statements and discusses their relationship to the Control Objectives.
7.1 Established Federal Policies
A significant number of computer security policies and associated requirements
have been promulgated by Federal government elements. The interested reader
is referred to reference [32] which analyzes the need for trusted systems in
the civilian agencies of the Federal government, as well as in state and local
governments and in the private sector. This reference also details a number
of relevant Federal statutes, policies and requirements not treated further
below.
Security guidance for Federal automated information systems is provided by the
Office of Management and Budget. Two specifically applicable Circulars have
been issued. OMB Circular No. A-71, Transmittal Memorandum No. 1, "Security
of Federal Automated Information Systems,"[26] directs each executive agency
to establish and maintain a computer security program. It makes the head of
each executive branch, department and agency responsible "for assuring an
adequate level of security for all agency data whether processed in-house or
commercially. This includes responsibility for the establishment of physical,
administrative and technical safeguards required to adequately protect
personal, proprietary or other sensitive data not subject to national security
regulations, as well as national security data."[26, para. 4 p. 2]
OMB Circular No. A-123, "Internal Control Systems,"[27] issued to help
eliminate fraud, waste, and abuse in government programs requires: (a) agency
heads to issue internal control directives and assign responsibility, (b)
managers to review programs for vulnerability, and (c) managers to perform
periodic reviews to evaluate strengths and update controls. Soon after
promulgation of OMB Circular A-123, the relationship of its internal control
requirements to building secure computer systems was recognized.[4] While not
stipulating computer controls specifically, the definition of Internal
Controls in A-123 makes it clear that computer systems are to be included:
"Internal Controls - The plan of organization and all of the methods and
measures adopted within an agency to safeguard its resources, assure the
accuracy and reliability of its information, assure adherence to
applicable laws, regulations and policies, and promote operational
economy and efficiency."[27, sec. 4.C]
The matter of classified national security information processed by ADP
systems was one of the first areas given serious and extensive concern in
computer security. The computer security policy documents promulgated as a
result contain generally more specific and structured requirements than most,
keyed in turn to an authoritative basis that itself provides a rather clearly
articulated and structured information security policy. This basis, Executive
Order 12356, "National Security Information," sets forth requirements for the
classification, declassification and safeguarding of "national security
information" per se.[14]
7.2 DoD Policies
Within the Department of Defense, these broad requirements are implemented and
further specified primarily through two vehicles: 1) DoD Regulation 5200.1-R
[7], which applies to all components of the DoD as such, and 2) DoD 5220.22-M,
"Industrial Security Manual for Safeguarding Classified Information" [11],
which applies to contractors included within the Defense Industrial Security
Program. Note that the latter transcends DoD as such, since it applies not
only to any contractors handling classified information for any DoD component,
but also to the contractors of eighteen other Federal organizations for whom
the Secretary of Defense is authorized to act in rendering industrial security
services.*
____________________________________________________________
* i.e., NASA, Commerce Department, GSA, State Department,
Small Business Administration, National Science Foundation,
Treasury Department, Transportation Department, Interior
Department, Agriculture Department, Health and Human
Services Department, Labor Department, Environmental
Protection Agency, Justice Department, U.S. Arms Control and
Disarmament Agency, Federal Emergency Management Agency,
Federal Reserve System, and U.S. General Accounting Office.
____________________________________________________________
For ADP systems, these information security requirements are further amplified
and specified in: 1) DoD Directive 5200.28 [8] and DoD Manual 5200.28-M [9],
for DoD components; and 2) Section XIII of DoD 5220.22-M [11] for contractors.
DoD Directive 5200.28, "Security Requirements for Automatic Data Processing
(ADP) Systems," stipulates: "Classified material contained in an ADP system
shall be safeguarded by the continuous employment of protective features in
the system's hardware and software design and configuration . . . ."[8,
sec. IV] Furthermore, it is required that ADP systems that "process, store,
or use classified data and produce classified information will, with
reasonable dependability, prevent:
a. Deliberate or inadvertent access to classified material by
unauthorized persons, and
b. Unauthorized manipulation of the computer and its associated
peripheral devices."[8, sec. I B.3]
Requirements equivalent to these appear within DoD 5200.28-M [9] and in DoD
5220.22-M [11].
>From requirements imposed by these regulations, directives and circulars, the
three components of the Security Policy Control Objective, i.e., Mandatory and
Discretionary Security and Marking, as well as the Accountability and
Assurance Control Objectives, can be functionally defined for DoD
applications. The following discussion provides further specificity in Policy
for these Control Objectives.
7.3 Criteria Control Objective for Security Policy
7.3.1 Marking
The control objective for marking is: "Systems that are designed
to enforce a mandatory security policy must store and preserve the
integrity of classification or other sensitivity labels for all
information. Labels exported from the system must be accurate
representations of the corresonding internal sensitivity labels
being exported."
DoD 5220.22-M, "Industrial Security Manual for Safeguarding
Classified Information," explains in paragraph 11 the reasons for
marking information:
"Designation by physical marking, notation or other means
serves to inform and to warn the holder about the
classification designation of the information which requires
protection in the interest of national security. The degree
of protection against unauthorized disclosure which will be
required for a particular level of classification is directly
commensurate with the marking designation which is assigned
to the material."[11]
Marking requirements are given in a number of policy statements.
Executive Order 12356 (Sections 1.5.a and 1.5.a.1) requires that
classification markings "shall be shown on the face of all
classified documents, or clearly associated with other forms of
classified information in a manner appropriate to the medium
involved."[14]
DoD Regulation 5200.1-R (Section 1-500) requires that: ". . .
information or material that requires protection against
unauthorized disclosure in the interest of national security shall
be classified in one of three designations, namely: 'Top Secret,'
'Secret' or 'Confidential.'"[7] (By extension, for use in computer
processing, the unofficial designation "Unclassified" is used to
indicate information that does not fall under one of the other
three designations of classified information.)
DoD Regulation 5200.1-R (Section 4-304b) requires that: "ADP
systems and word processing systems employing such media shall
provide for internal classification marking to assure that
classified information contained therein that is reproduced or
generated, will bear applicable classification and associated
markings." (This regulation provides for the exemption of certain
existing systems where "internal classification and applicable
associated markings cannot be implemented without extensive system
modifications."[7] However, it is clear that future DoD ADP
systems must be able to provide applicable and accurate labels for
classified and other sensitive information.)
DoD Manual 5200.28-M (Section IV, 4-305d) requires the following:
"Security Labels - All classified material accessible by or within
the ADP system shall be identified as to its security
classification and access or dissemination limitations, and all
output of the ADP system shall be appropriately marked."[9]
7.3.2 Mandatory Security
The control objective for mandatory security is: "Security
policies defined for systems that are used to process classified
or other specifically categorized sensitive information must
include provisions for the enforcement of mandatory access control
rules. That is, they must include a set of rules for controlling
access based directly on a comparison of the individual's
clearance or authorization for the information and the
classification or sensitivity designation of the information being
sought, and indirectly on considerations of physical and other
environmental factors of control. The mandatory access control
rules must accurately reflect the laws, regulations, and general
policies from which they are derived."
There are a number of policy statements that are related to
mandatory security.
Executive Order 12356 (Section 4.1.a) states that "a person is
eligible for access to classified information provided that a
determination of trustworthiness has been made by agency heads or
designated officials and provided that such access is essential
to the accomplishment of lawful and authorized Government
purposes."[14]
DoD Regulation 5200.1-R (Chapter I, Section 3) defines a Special
Access Program as "any program imposing 'need-to-know' or access
controls beyond those normally provided for access to
Confidential, Secret, or Top Secret information. Such a program
includes, but is not limited to, special clearance, adjudication,
or investigative requirements, special designation of officials
authorized to determine 'need-to-know', or special lists of persons
determined to have a 'need-to- know.'"[7, para. 1-328] This
passage distinguishes between a 'discretionary' determination of
need-to-know and formal need-to-know which is implemented through
Special Access Programs. DoD Regulation 5200.1-R, paragraph 7-100
describes general requirements for trustworthiness (clearance) and
need-to-know, and states that the individual with possession,
knowledge or control of classified information has final
responsibility for determining if conditions for access have been
met. This regulation further stipulates that "no one has a right
to have access to classified information solely by virtue of rank
or position." [7, para. 7-100])
DoD Manual 5200.28-M (Section II 2-100) states that, "Personnel
who develop, test (debug), maintain, or use programs which are
classified or which will be used to access or develop classified
material shall have a personnel security clearance and an access
authorization (need-to-know), as appropriate for the highest
classified and most restrictive category of classified material
which they will access under system constraints."[9]
DoD Manual 5220.22-M (Paragraph 3.a) defines access as "the
ability and opportunity to obtain knowledge of classified
information. An individual, in fact, may have access to
classified information by being in a place where such information
is kept, if the security measures which are in force do not
prevent him from gaining knowledge of the classified
information."[11]
The above mentioned Executive Order, Manual, Directives and
Regulations clearly imply that a trusted computer system must
assure that the classification labels associated with sensitive
data cannot be arbitrarily changed, since this could permit
individuals who lack the appropriate clearance to access
classified information. Also implied is the requirement that a
trusted computer system must control the flow of information so
that data from a higher classification cannot be placed in a
storage object of lower classification unless its "downgrading"
has been authorized.
7.3.3 Discretionary Security
The term discretionary security refers to a computer system's
ability to control information on an individual basis. It stems
from the fact that even though an individual has all the formal
clearances for access to specific classified information, each
individual's access to information must be based on a demonstrated
need-to-know. Because of this, it must be made clear that this
requirement is not discretionary in a "take it or leave it" sense.
The directives and regulations are explicit in stating that the
need-to-know test must be satisfied before access can be granted
to the classified information. The control objective for
discretionary security is: "Security policies defined for systems
that are used to process classified or other sensitive information
must include provisions for the enforcement of discretionary
access control rules. That is, they must include a consistent set
of rules for controlling and limiting access based on identified
individuals who have been determined to have a need-to-know for the
information."
DoD Regulation 5200.1-R (Paragraph 7-100) In addition to excerpts
already provided that touch on need-to- know, this section of the
regulation stresses the need- to-know principle when it states "no
person may have access to classified information unless . . .
access is necessary for the performance of official duties."[7]
Also, DoD Manual 5220.22-M (Section III 20.a) states that "an
individual shall be permitted to have access to classified
information only . . . when the contractor determines that access
is necessary in the performance of tasks or services essential to
the fulfillment of a contract or program, i.e., the individual has
a need-to-know."[11]
7.4 Criteria Control Objective for Accountability
The control objective for accountability is: "Systems that are used to
process or handle classified or other sensitive information must assure
individual accountability whenever either a mandatory or discretionary
security policy is invoked. Furthermore, to assure accountability the
capability must exist for an authorized and competent agent to access and
evaluate accountability information by a secure means, within a reasonable
amount of time, and without undue difficulty."
This control objective is supported by the following citations:
DoD Directive 5200.28 (VI.A.1) states: "Each user's identity shall be
positively established, and his access to the system, and his activity in
the system (including material accessed and actions taken) controlled and
open to scrutiny."[8]
DoD Manual 5200.28-M (Section V 5-100) states: "An audit log or file
(manual, machine, or a combination of both) shall be maintained as a
history of the use of the ADP System to permit a regular security review
of system activity. (e.g., The log should record security related
transactions, including each access to a classified file and the nature
of the access, e.g., logins, production of accountable classified
outputs, and creation of new classified files. Each classified file
successfully accessed [regardless of the number of individual references]
during each 'job' or 'interactive session' should also be recorded in the
audit log. Much of the material in this log may also be required to
assure that the system preserves information entrusted to it.)"[9]
DoD Manual 5200.28-M (Section IV 4-305f) states: "Where needed to assure
control of access and individual accountability, each user or specific
group of users shall be identified to the ADP System by appropriate
administrative or hardware/software measures. Such identification
measures must be in sufficient detail to enable the ADP System to provide
the user only that material which he is authorized."[9]
DoD Manual 5200.28-M (Section I 1-102b) states:
"Component's Designated Approving Authorities, or their designees
for this purpose . . . will assure:
. . . . . . . . . . . . . . . . .
(4) Maintenance of documentation on operating systems (O/S)
and all modifications thereto, and its retention for a
sufficient period of time to enable tracing of security-
related defects to their point of origin or inclusion in the
system.
. . . . . . . . . . . . . . . . .
(6) Establishment of procedures to discover, recover,
handle, and dispose of classified material improperly
disclosed through system malfunction or personnel action.
(7) Proper disposition and correction of security
deficiencies in all approved ADP Systems, and the effective
use and disposition of system housekeeping or audit records,
records of security violations or security-related system
malfunctions, and records of tests of the security features
of an ADP System."[9]
DoD Manual 5220.22-M (Section XIII 111) states: "Audit Trails
a. The general security requirement for any ADP system audit
trail is that it provide a documented history of the use of
the system. An approved audit trail will permit review of
classified system activity and will provide a detailed
activity record to facilitate reconstruction of events to
determine the magnitude of compromise (if any) should a
security malfunction occur. To fulfill this basic
requirement, audit trail systems, manual, automated or a
combination of both must document significant events
occurring in the following areas of concern: (i) preparation
of input data and dissemination of output data (i.e.,
reportable interactivity between users and system support
personnel), (ii) activity involved within an ADP environment
(e.g., ADP support personnel modification of security and
related controls), and (iii) internal machine activity.
b. The audit trail for an ADP system approved to process
classified information must be based on the above three
areas and may be stylized to the particular system. All
systems approved for classified processing should contain
most if not all of the audit trail records listed below. The
contractor's SPP documentation must identify and describe
those applicable:
1. Personnel access;
2. Unauthorized and surreptitious entry into the
central computer facility or remote terminal areas;
3. Start/stop time of classified processing indicating
pertinent systems security initiation and termination events
(e.g., upgrading/downgrading actions pursuant to paragraph
107);
4. All functions initiated by ADP system console
operators;
5. Disconnects of remote terminals and peripheral
devices (paragraph 107c);
6. Log-on and log-off user activity;
7. Unauthorized attempts to access files or programs,
as well as all open, close, create, and file destroy
actions;
8. Program aborts and anomalies including
identification information (i.e., user/program name, time
and location of incident, etc.);
9. System hardware additions, deletions and maintenance
actions;
10. Generations and modifications affecting the
security features of the system software.
c. The ADP system security supervisor or designee shall
review the audit trail logs at least weekly to assure that
all pertinent activity is properly recorded and that
appropriate action has been taken to correct any anomaly.
The majority of ADP systems in use today can develop audit
trail systems in accord with the above; however, special
systems such as weapons, communications, communications
security, and tactical data exchange and display systems,
may not be able to comply with all aspects of the above and
may require individualized consideration by the cognizant
security office.
d. Audit trail records shall be retained for a period of one
inspection cycle."[11]
7.5 Criteria Control Objective for Assurance
The control objective for assurance is: "Systems that are used to process
or handle classified or other sensitive information must be designed to
guarantee correct and accurate interpretation of the security policy and
must not distort the intent of that policy. Assurance must be provided
that correct implementation and operation of the policy exists throughout
the system's life-cycle."
A basis for this objective can be found in the following sections of DoD
Directive 5200.28:
DoD Directive 5200.28 (IV.B.1) stipulates: "Generally, security of an ADP
system is most effective and economical if the system is designed
originally to provide it. Each Department of Defense Component
undertaking design of an ADP system which is expected to process, store,
use, or produce classified material shall: From the beginning of the
design process, consider the security policies, concepts, and measures
prescribed in this Directive."[8]
DoD Directive 5200.28 (IV.C.5.a) states: "Provision may be made to permit
adjustment of ADP system area controls to the level of protection
required for the classification category and type(s) of material actually
being handled by the system, provided change procedures are developed and
implemented which will prevent both the unauthorized access to classified
material handled by the system and the unauthorized manipulation of the
system and its components. Particular attention shall be given to the
continuous protection of automated system security measures, techniques
and procedures when the personnel security clearance level of users
having access to the system changes."[8]
DoD Directive 5200.28 (VI.A.2) states: "Environmental Control. The ADP
System shall be externally protected to minimize the likelihood of
unauthorized access to system entry points, access to classified
information in the system, or damage to the system."[8]
DoD Manual 5200.28-M (Section I 1-102b) states:
"Component's Designated Approving Authorities, or their designees
for this purpose . . . will assure:
. . . . . . . . . . . . . . . . .
(5) Supervision, monitoring, and testing, as appropriate, of
changes in an approved ADP System which could affect the
security features of the system, so that a secure system is
maintained.
. . . . . . . . . . . . . . . . .
(7) Proper disposition and correction of security
deficiencies in all approved ADP Systems, and the effective
use and disposition of system housekeeping or audit records,
records of security violations or security-related system
malfunctions, and records of tests of the security features
of an ADP System.
(8) Conduct of competent system ST&E, timely review of
system ST&E reports, and correction of deficiencies needed
to support conditional or final approval or disapproval of
an ADP System for the processing of classified information.
(9) Establishment, where appropriate, of a central ST&E
coordination point for the maintenance of records of
selected techniques, procedures, standards, and tests used
in the testing and evaluation of security features of ADP
Systems which may be suitable for validation and use by
other Department of Defense Components."[9]
DoD Manual 5220.22-M (Section XIII 103a) requires: "the initial approval,
in writing, of the cognizant security office prior to processing any
classified information in an ADP system. This section requires
reapproval by the cognizant security office for major system
modifications made subsequent to initial approval. Reapprovals will be
required because of (i) major changes in personnel access requirements,
(ii) relocation or structural modification of the central computer
facility, (iii) additions, deletions or changes to main frame, storage or
input/output devices, (iv) system software changes impacting security
protection features, (v) any change in clearance, declassification, audit
trail or hardware/software maintenance procedures, and (vi) other system
changes as determined by the cognizant security office."[11]
A major component of assurance, life-cycle assurance, is concerned with
testing ADP systems both in the development phase as well as during
operation. DoD Directive 5215.1 (Section F.2.C.(2)) requires
"evaluations of selected industry and government-developed trusted
computer systems against these criteria."[10]
8.0 A GUIDELINE ON COVERT CHANNELS
A covert channel is any communication channel that can be exploited by a
process to transfer information in a manner that violates the system's
security policy. There are two types of covert channels: storage channels and
timing channels. Covert storage channels include all vehicles that would
allow the direct or indirect writing of a storage location by one process and
the direct or indirect reading of it by another. Covert timing channels
include all vehicles that would allow one process to signal information to
another process by modulating its own use of system resources in such a way
that the change in response time observed by the second process would provide
information.
>From a security perspective, covert channels with low bandwidths represent a
lower threat than those with high bandwidths. However, for many types of
covert channels, techniques used to reduce the bandwidth below a certain rate
(which depends on the specific channel mechanism and the system architecture)
also have the effect of degrading the performance provided to legitimate
system users. Hence, a trade-off between system performance and covert
channel bandwidth must be made. Because of the threat of compromise that
would be present in any multilevel computer system containing classified or
sensitive information, such systems should not contain covert channels with
high bandwidths. This guideline is intended to provide system developers with
an idea of just how high a "high" covert channel bandwidth is.
A covert channel bandwidth that exceeds a rate of one hundred (100) bits per
second is considered "high" because 100 bits per second is the approximate
rate at which many computer terminals are run. It does not seem appropriate
to call a computer system "secure" if information can be compromised at a rate
equal to the normal output rate of some commonly used device.
In any multilevel computer system there are a number of relatively
low-bandwidth covert channels whose existence is deeply ingrained in the
system design. Faced with the large potential cost of reducing the bandwidths
of such covert channels, it is felt that those with maximum bandwidths of less
than one (1) bit per second are acceptable in most application environments.
Though maintaining acceptable performance in some systems may make it
impractical to eliminate all covert channels with bandwidths of 1 or more bits
per second, it is possible to audit their use without adversely affecting
system performance. This audit capability provides the system administration
with a means of detecting -- and procedurally correcting -- significant
compromise. Therefore, a Trusted Computing Base should provide, wherever
possible, the capability to audit the use of covert channel mechanisms with
bandwidths that may exceed a rate of one (1) bit in ten (10) seconds.
The covert channel problem has been addressed by a number of authors. The
interested reader is referred to references [5], [6], [19], [21], [22], [23],
and [29].
9.0 A GUIDELINE ON CONFIGURING MANDATORY ACCESS CONTROL FEATURES
The Mandatory Access Control requirement includes a capability to support an
unspecified number of hierarchical classifications and an unspecified number
of non-hierarchical categories at each hierarchical level. To encourage
consistency and portability in the design and development of the National
Security Establishment trusted computer systems, it is desirable for all such
systems to be able to support a minimum number of levels and categories. The
following suggestions are provided for this purpose:
* The number of hierarchical classifications should be greater than or
equal to eight (8).
* The number of non-hierarchical categories should be greater than or
equal to twenty-nine (29).
10.0 A GUIDELINE ON SECURITY TESTING
These guidelines are provided to give an indication of the extent and
sophistication of testing undertaken by the DoD Computer Security Center
during the Formal Product Evaluation process. Organizations wishing to use
"Department of Defense Trusted Computer System Evaluation Criteria" for
performing their own evaluations may find this section useful for planning
purposes.
As in Part I, highlighting is used to indicate changes in the guidelines from
the next lower division.
10.1 Testing for Division C
10.1.1 Personnel
The security testing team shall consist of at least two
individuals with bachelor degrees in Computer Science or the
equivalent. Team members shall be able to follow test plans
prepared by the system developer and suggest additions, shall
be familiar with the "flaw hypothesis" or equivalent security
testing methodology, and shall have assembly level programming
experience. Before testing begins, the team members shall have
functional knowledge of, and shall have completed the system
developer's internals course for, the system being evaluated.
10.1.2 Testing
The team shall have "hands-on" involvement in an independent run
of the tests used by the system developer. The team shall
independently design and implement at least five system-specific
tests in an attempt to circumvent the security mechanisms of the
system. The elapsed time devoted to testing shall be at least
one month and need not exceed three months. There shall be no
fewer than twenty hands-on hours spent carrying out system
developer-defined tests and test team-defined tests.
10.2 Testing for Division B
10.2.1 Personnel
The security testing team shall consist of at least two
individuals with bachelor degrees in Computer Science or the
equivalent and at least one individual with a master's degree in
Computer Science or equivalent. Team members shall be able to
follow test plans prepared by the system developer and suggest
additions, shall be conversant with the "flaw hypothesis" or
equivalent security testing methodology, shall be fluent in the
TCB implementation language(s), and shall have assembly level
programming experience. Before testing begins, the team members
shall have functional knowledge of, and shall have completed the
system developer's internals course for, the system being
evaluated. At least one team member shall have previously
completed a security test on another system.
10.2.2 Testing
The team shall have "hands-on" involvement in an independent run
of the test package used by the system developer to test
security-relevant hardware and software. The team shall
independently design and implement at least fifteen system-
specific tests in an attempt to circumvent the security
mechanisms of the system. The elapsed time devoted to testing
shall be at least two months and need not exceed four months.
There shall be no fewer than thirty hands-on hours per team
member spent carrying out system developer-defined tests and
test team-defined tests.
10.3 Testing for Division A
10.3.1 Personnel
The security testing team shall consist of at least one
individual with a bachelor's degree in Computer Science or the
equivalent and at least two individuals with masters' degrees in
Computer Science or equivalent. Team members shall be able to
follow test plans prepared by the system developer and suggest
additions, shall be conversant with the "flaw hypothesis" or
equivalent security testing methodology, shall be fluent in the
TCB implementation language(s), and shall have assembly level
programming experience. Before testing begins, the team members
shall have functional knowledge of, and shall have completed the
system developer's internals course for, the system being
evaluated. At least one team member shall be familiar enough
with the system hardware to understand the maintenance diagnostic
programs and supporting hardware documentation. At least two
team members shall have previously completed a security test on
another system. At least one team member shall have
demonstrated system level programming competence on the system
under test to a level of complexity equivalent to adding a device
driver to the system.
10.3.2 Testing
The team shall have "hands-on" involvement in an independent run
of the test package used by the system developer to test
security-relevant hardware and software. The team shall
independently design and implement at least twenty-five system-
specific tests in an attempt to circumvent the security
mechanisms of the system. The elapsed time devoted to testing
shall be at least three months and need not exceed six months.
There shall be no fewer than fifty hands-on hours per team
member spent carrying out system developer-defined tests and
test team-defined tests.
APPENDIX A
Commercial Product Evaluation Process
"Department of Defense Trusted Computer System Evaluation Criteria" forms the
basis upon which the Computer Security Center will carry out the commercial
computer security evaluation process. This process is focused on commercially
produced and supported general-purpose operating system products that meet the
needs of government departments and agencies. The formal evaluation is aimed
at "off-the-shelf" commercially supported products and is completely divorced
>from any consideration of overall system performance, potential applications,
or particular processing environments. The evaluation provides a key input to
a computer system security approval/accreditation. However, it does not
constitute a complete computer system security evaluation. A complete study
(e.g., as in reference [18]) must consider additional factors dealing with the
system in its unique environment, such as it's proposed security mode of
operation, specific users, applications, data sensitivity, physical and
personnel security, administrative and procedural security, TEMPEST, and
communications security.
The product evaluation process carried out by the Computer Security Center has
three distinct elements:
* Preliminary Product Evaluation - An informal dialogue between a vendor
and the Center in which technical information is exchanged to create a
common understanding of the vendor's product, the criteria, and the
rating that may be expected to result from a formal product evaluation.
* Formal Product Evaluation - A formal evaluation, by the Center, of a
product that is available to the DoD, and that results in that product
and its assigned rating being placed on the Evaluated Products List.
* Evaluated Products List - A list of products that have been subjected
to formal product evaluation and their assigned ratings.
PRELIMINARY PRODUCT EVALUATION
Since it is generally very difficult to add effective security measures late
in a product's life cycle, the Center is interested in working with system
vendors in the early stages of product design. A preliminary product
evaluation allows the Center to consult with computer vendors on computer
security issues found in products that have not yet been formally announced.
A preliminary evaluation is typically initiated by computer system vendors who
are planning new computer products that feature security or major
security-related upgrades to existing products. After an initial meeting
between the vendor and the Center, appropriate non-disclosure agreements are
executed that require the Center to maintain the confidentiality of any
proprietary information disclosed to it. Technical exchange meetings follow
in which the vendor provides details about the proposed product (particularly
its internal designs and goals) and the Center provides expert feedback to the
vendor on potential computer security strengths and weaknesses of the vendor's
design choices, as well as relevant interpretation of the criteria. The
preliminary evaluation is typically terminated when the product is completed
and ready for field release by the vendor. Upon termination, the Center
prepares a wrap-up report for the vendor and for internal distribution within
the Center. Those reports containing proprietary information are not
available to the public.
During preliminary evaluation, the vendor is under no obligation to actually
complete or market the potential product. The Center is, likewise, not
committed to conduct a formal product evaluation. A preliminary evaluation
may be terminated by either the Center or the vendor when one notifies the
other, in writing, that it is no longer advantageous to continue the
evaluation.
FORMAL PRODUCT EVALUATION
The formal product evaluation provides a key input to certification of a
computer system for use in National Security Establishment applications and is
the sole basis for a product being placed on the Evaluated Products List.
A formal product evaluation begins with a request by a vendor for the Center
to evaluate a product for which the product itself and accompanying
documentation needed to meet the requirements defined by this publication are
complete. Non-disclosure agreements are executed and a formal product
evaluation team is formed by the Center. An initial meeting is then held with
the vendor to work out the schedule for the formal evaluation. Since testing
of the implemented product forms an important part of the evaluation process,
access by the evaluation team to a working version of the system is negotiated
with the vendor. Additional support required from the vendor includes
complete design documentation, source code, and access to vendor personnel who
can answer detailed questions about specific portions of the product. The
evaluation team tests the product against each requirement, making any
necessary interpretations of the criteria with respect to the product being
evaluated.
The evaluation team writes a two-part final report on their findings about the
system. The first part is publicly available (containing no proprietary
information) and contains the overall class rating assigned to the system and
the details of the evaluation team's findings when comparing the product
against the evaluation criteria. The second part of the evaluation report
contains vulnerability analyses and other detailed information supporting the
rating decision. Since this part may contain proprietary or other sensitive
information it will be distributed only within the U.S. Government on a
strict need-to-know and non- disclosure basis, and to the vendor. No portion
of the evaluation results will be withheld from the vendor.
APPENDIX B
Summary of Evaluation Criteria Divisions
The divisions of systems recognized under the trusted computer system
evaluation criteria are as follows. Each division represents a major
improvement in the overall confidence one can place in the system to protect
classified and other sensitive information.
Division (D): Minimal Protection
This division contains only one class. It is reserved for those systems that
have been evaluated but that fail to meet the requirements for a higher
evaluation class.
Division (C): Discretionary Protection
Classes in this division provide for discretionary (need-to-know) protection
and, through the inclusion of audit capabilities, for accountability of
subjects and the actions they initiate.
Division (B): Mandatory Protection
The notion of a TCB that preserves the integrity of sensitivity labels and
uses them to enforce a set of mandatory access control rules is a major
requirement in this division. Systems in this division must carry the
sensitivity labels with major data structures in the system. The system
developer also provides the security policy model on which the TCB is based
and furnishes a specification of the TCB. Evidence must be provided to
demonstrate that the reference monitor concept has been implemented.
Division (A): Verified Protection
This division is characterized by the use of formal security verification
methods to assure that the mandatory and discretionary security controls
employed in the system can effectively protect classified or other sensitive
information stored or processed by the system. Extensive documentation is
required to demonstrate that the TCB meets the security requirements in all
aspects of design, development and implementation.
APPENDIX C
Summary of Evaluation Criteria Classes
The classes of systems recognized under the trusted computer system evaluation
criteria are as follows. They are presented in the order of increasing
desirablity from a computer security point of view.
Class (D): Minimal Protection
This class is reserved for those systems that have been evaluated but that
fail to meet the requirements for a higher evaluation class.
Class (C1): Discretionary Security Protection
The Trusted Computing Base (TCB) of a class (C1) system nominally satisfies
the discretionary security requirements by providing separation of users and
data. It incorporates some form of credible controls capable of enforcing
access limitations on an individual basis, i.e., ostensibly suitable for
allowing users to be able to protect project or private information and to
keep other users from accidentally reading or destroying their data. The
class (C1) environment is expected to be one of cooperating users processing
data at the same level(s) of sensitivity.
Class (C2): Controlled Access Protection
Systems in this class enforce a more finely grained discretionary access
control than (C1) systems, making users individually accountable for their
actions through login procedures, auditing of security-relevant events, and
resource isolation.
Class (B1): Labeled Security Protection
Class (B1) systems require all the features required for class (C2). In
addition, an informal statement of the security policy model, data labeling,
and mandatory access control over named subjects and objects must be present.
The capability must exist for accurately labeling exported information. Any
flaws identified by testing must be removed.
Class (B2): Structured Protection
In class (B2) systems, the TCB is based on a clearly defined and documented
formal security policy model that requires the discretionary and mandatory
access control enforcement found in class (B1) systems be extended to all
subjects and objects in the ADP system. In addition, covert channels are
addressed. The TCB must be carefully structured into protection-critical and
non- protection-critical elements. The TCB interface is well-defined and the
TCB design and implementation enable it to be subjected to more thorough
testing and more complete review. Authentication mechanisms are strengthened,
trusted facility management is provided in the form of support for system
administrator and operator functions, and stringent configuration management
controls are imposed. The system is relatively resistant to penetration.
Class (B3): Security Domains
The class (B3) TCB must satisfy the reference monitor requirements that it
mediate all accesses of subjects to objects, be tamperproof, and be small
enough to be subjected to analysis and tests. To this end, the TCB is
structured to exclude code not essential to security policy enforcement, with
significant system engineering during TCB design and implementation directed
toward minimizing its complexity. A security administrator is supported,
audit mechanisms are expanded to signal security- relevant events, and system
recovery procedures are required. The system is highly resistant to
penetration.
Class (A1): Verified Design
Systems in class (A1) are functionally equivalent to those in class (B3) in
that no additional architectural features or policy requirements are added.
The distinguishing feature of systems in this class is the analysis derived
>from formal design specification and verification techniques and the resulting
high degree of assurance that the TCB is correctly implemented. This
assurance is developmental in nature, starting with a formal model of the
security policy and a formal top-level specification (FTLS) of the design. In
keeping with the extensive design and development analysis of the TCB required
of systems in class (A1), more stringent configuration management is required
and procedures are established for securely distributing the system to sites.
A system security administrator is supported.
APPENDIX D
Requirement Directory
This appendix lists requirements defined in "Department of Defense Trusted
Computer System Evaluation Criteria" alphabetically rather than by class. It
is provided to assist in following the evolution of a requirement through the
classes. For each requirement, three types of criteria may be present. Each
will be preceded by the word: NEW, CHANGE, or ADD to indicate the following:
NEW: Any criteria appearing in a lower class are superseded
by the criteria that follow.
CHANGE: The criteria that follow have appeared in a lower class
but are changed for this class. Highlighting is used
to indicate the specific changes to previously stated
criteria.
ADD: The criteria that follow have not been required for any
lower class, and are added in this class to the
previously stated criteria for this requirement.
Abbreviations are used as follows:
NR: (No Requirement) This requirement is not included in
this class.
NAR: (No Additional Requirements) This requirement does not
change from the previous class.
The reader is referred to Part I of this document when placing new criteria
for a requirement into the complete context for that class.
Figure 1 provides a pictorial summary of the evolution of requirements through
the classes.
Audit
C1: NR.
C2: NEW: The TCB shall be able to create, maintain, and protect from
modification or unauthorized access or destruction an audit trail of
accesses to the objects it protects. The audit data shall be
protected by the TCB so that read access to it is limited to those
who are authorized for audit data. The TCB shall be able to record
the following types of events: use of identification and
authentication mechanisms, introduction of objects into a user's
address space (e.g., file open, program initiation), deletion of
objects, and actions taken by computer operators and system
administrators and/or system security officers. For each recorded
event, the audit record shall identify: date and time of the event,
user, type of event, and success or failure of the event. For
identification/authentication events the origin of request (e.g.,
terminal ID) shall be included in the audit record. For events that
introduce an object into a user's address space and for object
deletion events the audit record shall include the name of the object.
The ADP system administrator shall be able to selectively audit the
actions of any one or more users based on individual identity.
B1: CHANGE: For events that introduce an object into a user's address
space and for object deletion events the audit record shall include
the name of the object and the object's security level. The ADP
system administrator shall be able to selectively audit the actions
of any one or more users based on individual identity and/or object
security level.
ADD: The TCB shall also be able to audit any override of
human-readable output markings.
B2: ADD: The TCB shall be able to audit the identified events that may be
used in the exploitation of covert storage channels.
B3: ADD: The TCB shall contain a mechanism that is able to monitor the
occurrence or accumulation of security auditable events that may
indicate an imminent violation of security policy. This mechanism
shall be able to immediately notify the security administrator when
thresholds are exceeded.
A1: NAR.
Configuration Management
C1: NR.
C2: NR.
B1: NR.
B2: NEW: During development and maintenance of the TCB, a configuration
management system shall be in place that maintains control of changes
to the descriptive top-level specification, other design data,
implementation documentation, source code, the running version of the
object code, and test fixtures and documentation. The configuration
management system shall assure a consistent mapping among all
documentation and code associated with the current version of the TCB.
Tools shall be provided for generation of a new version of the TCB
from source code. Also available shall be tools for comparing a
newly generated version with the previous TCB version in order to
ascertain that only the intended changes have been made in the code
that will actually be used as the new version of the TCB.
B3: NAR.
A1: CHANGE: During the entire life-cycle, i.e., during the design,
development, and maintenance of the TCB, a configuration management
system shall be in place for all security-relevant hardware, firmware,
and software that maintains control of changes to the formal model,
the descriptive and formal top-level specifications, other design
data, implementation documentation, source code, the running version
of the object code, and test fixtures and documentation. Also
available shall be tools, maintained under strict configuration
control, for comparing a newly generated version with the previous
TCB version in order to ascertain that only the intended changes have
been made in the code that will actually be used as the new version
of the TCB.
ADD: A combination of technical, physical, and procedural safeguards
shall be used to protect from unauthorized modification or
destruction the master copy or copies of all material used to
generate the TCB.
Covert Channel Analysis
C1: NR.
C2: NR.
B1: NR.
B2: NEW: The system developer shall conduct a thorough search for covert
storage channels and make a determination (either by actual
measurement or by engineering estimation) of the maximum bandwidth of
each identified channel. (See the Covert Channels Guideline section.)
B3: CHANGE: The system developer shall conduct a thorough search for
covert channels and make a determination (either by actual
measurement or by engineering estimation) of the maximum bandwidth
of each identified channel.
A1: ADD: Formal methods shall be used in the analysis.
Design Documentation
C1: NEW: Documentation shall be available that provides a description of
the manufacturer's philosophy of protection and an explanation of how
this philosophy is translated into the TCB. If the TCB is composed
of distinct modules, the interfaces between these modules shall be
described.
C2: NAR.
B1: ADD: An informal or formal description of the security policy model
enforced by the TCB shall be available and an explanation provided to
show that it is sufficient to enforce the security policy. The
specific TCB protection mechanisms shall be identified and an
explanation given to show that they satisfy the model.
B2: CHANGE: The interfaces between the TCB modules shall be described. A
formal description of the security policy model enforced by the TCB
shall be available and proven that it is sufficient to enforce the
security policy.
ADD: The descriptive top-level specification (DTLS) shall be shown to
be an accurate description of the TCB interface. Documentation shall
describe how the TCB implements the reference monitor concept and
give an explanation why it is tamperproof, cannot be bypassed, and is
correctly implemented. Documentation shall describe how the TCB is
structured to facilitate testing and to enforce least privilege.
This documentation shall also present the results of the covert
channel analysis and the tradeoffs involved in restricting the
channels. All auditable events that may be used in the exploitation
of known covert storage channels shall be identified. The bandwidths
of known covert storage channels, the use of which is not detectable
by the auditing mechanisms, shall be provided. (See the Covert
Channel Guideline section.)
B3: ADD: The TCB implementation (i.e., in hardware, firmware, and
software) shall be informally shown to be consistent with the DTLS.
The elements of the DTLS shall be shown, using informal techniques,
to correspond to the elements of the TCB.
A1: CHANGE: The TCB implementation (i.e., in hardware, firmware, and
software) shall be informally shown to be consistent with the formal
top-level specification (FTLS). The elements of the FTLS shall be
shown, using informal techniques, to correspond to the elements of
the TCB.
ADD: Hardware, firmware, and software mechanisms not dealt with in
the FTLS but strictly internal to the TCB (e.g., mapping registers,
direct memory access I/O) shall be clearly described.
Design Specification and Verification
C1: NR.
C2: NR.
B1: NEW: An informal or formal model of the security policy supported by
the TCB shall be maintained that is shown to be consistent with its
axioms.
B2: CHANGE: A formal model of the security policy supported by the TCB
shall be maintained that is proven consistent with its axioms.
ADD: A descriptive top-level specification (DTLS) of the TCB shall be
maintained that completely and accurately describes the TCB in terms
of exceptions, error messages, and effects. It shall be shown to be
an accurate description of the TCB interface.
B3: ADD: A convincing argument shall be given that the DTLS is consistent
with the model.
A1: CHANGE: The FTLS shall be shown to be an accurate description of the
TCB interface. A convincing argument shall be given that the DTLS is
consistent with the model and a combination of formal and informal
techniques shall be used to show that the FTLS is consistent with the
model.
ADD: A formal top-level specification (FTLS) of the TCB shall be
maintained that accurately describes the TCB in terms of exceptions,
error messages, and effects. The DTLS and FTLS shall include those
components of the TCB that are implemented as hardware and/or
firmware if their properties are visible at the TCB interface. This
verification evidence shall be consistent with that provided within
the state-of-the-art of the particular Computer Security Center-
endorsed formal specification and verification system used. Manual
or other mapping of the FTLS to the TCB source code shall be
performed to provide evidence of correct implementation.
Device Labels
C1: NR.
C2: NR.
B1: NR.
B2: NEW: The TCB shall support the assignment of minimum and maximum
security levels to all attached physical devices. These security
levels shall be used by the TCB to enforce constraints imposed by
the physical environments in which the devices are located.
B3: NAR.
A1: NAR.
Discretionary Access Control
C1: NEW: The TCB shall define and control access between named users and
named objects (e.g., files and programs) in the ADP system. The
enforcement mechanism (e.g., self/group/public controls, access
control lists) shall allow users to specify and control sharing of
those objects by named individuals or defined groups or both.
C2: CHANGE: The enforcement mechanism (e.g., self/group/public controls,
access control lists) shall allow users to specify and control
sharing of those objects by named individuals, or defined groups of
individuals, or by both.
ADD: The discretionary access control mechanism shall, either by explicit
user action or by default, provide that objects are protected from
unauthorized access. These access controls shall be capable of
including or excluding access to the granularity of a single user.
Access permission to an object by users not already possessing access
permission shall only be assigned by authorized users.
B1: NAR.
B2: NAR.
B3: CHANGE: The enforcement mechanism (e.g., access control lists) shall
allow users to specify and control sharing of those objects. These
access controls shall be capable of specifying, for each named
object, a list of named individuals and a list of groups of named
individuals with their respective modes of access to that object.
ADD: Furthermore, for each such named object, it shall be possible to
specify a list of named individuals and a list of groups of named
individuals for which no access to the object is to be given.
A1: NAR.
Exportation of Labeled Information
C1: NR.
C2: NR.
B1: NEW: The TCB shall designate each communication channel and I/O
device as either single-level or multilevel. Any change in this
designation shall be done manually and shall be auditable by the
TCB. The TCB shall maintain and be able to audit any change in the
current security level associated with a single-level communication
channel or I/O device.
B2: NAR.
B3: NAR.
A1: NAR.
Exportation to Multilevel Devices
C1: NR.
C2: NR.
B1: NEW: When the TCB exports an object to a multilevel I/O device, the
sensitivity label associated with that object shall also be exported
and shall reside on the same physical medium as the exported
information and shall be in the same form (i.e., machine-readable or
human-readable form). When the TCB exports or imports an object over
a multilevel communication channel, the protocol used on that channel
shall provide for the unambiguous pairing between the sensitivity
labels and the associated information that is sent or received.
B2: NAR.
B3: NAR.
A1: NAR.
Exportation to Single-Level Devices
C1: NR.
C2: NR.
B1: NEW: Single-level I/O devices and single-level communication channels
are not required to maintain the sensitivity labels of the
information they process. However, the TCB shall include a mechanism
by which the TCB and an authorized user reliably communicate to
designate the single security level of information imported or
exported via single-level communication channels or I/O devices.
B2: NAR.
B3: NAR.
A1: NAR.
Identification and Authentication
C1: NEW: The TCB shall require users to identify themselves to it before
beginning to perform any other actions that the TCB is expected to
mediate. Furthermore, the TCB shall use a protected mechanism (e.g.,
passwords) to authenticate the user's identity. The TCB shall
protect authentication data so that it cannot be accessed by any
unauthorized user.
C2: ADD: The TCB shall be able to enforce individual accountability by
providing the capability to uniquely identify each individual ADP
system user. The TCB shall also provide the capability of
associating this identity with all auditable actions taken by that
individual.
B1: CHANGE: Furthermore, the TCB shall maintain authentication data that
includes information for verifying the identity of individual users
(e.g., passwords) as well as information for determining the
clearance and authorizations of individual users. This data shall be
used by the TCB to authenticate the user's identity and to determine
the security level and authorizations of subjects that may be created
to act on behalf of the individual user.
B2: NAR.
B3: NAR.
A1: NAR.
Label Integrity
C1: NR.
C2: NR.
B1: NEW: Sensitivity labels shall accurately represent security levels of
the specific subjects or objects with which they are associated. When
exported by the TCB, sensitivity labels shall accurately and
unambiguously represent the internal labels and shall be associated
with the information being exported.
B2: NAR.
B3: NAR.
A1: NAR.
Labeling Human-Readable Output
C1: NR.
C2: NR.
B1: NEW: The ADP system administrator shall be able to specify the
printable label names associated with exported sensitivity labels.
The TCB shall mark the beginning and end of all human-readable,
paged, hardcopy output (e.g., line printer output) with human-
readable sensitivity labels that properly* represent the sensitivity
of the output. The TCB shall, by default, mark the top and bottom of
each page of human-readable, paged, hardcopy output (e.g., line
printer output) with human-readable sensitivity labels that
properly* represent the overall sensitivity of the output or that
properly* represent the sensitivity of the information on the page.
The TCB shall, by default and in an appropriate manner, mark other
forms of human-readable output (e.g., maps, graphics) with human-
readable sensitivity labels that properly* represent the sensitivity
of the output. Any override of these marking defaults shall be
auditable by the TCB.
B2: NAR.
B3: NAR.
A1: NAR.
____________________________________________________________
* The hierarchical classification component in human-readable
sensitivity labels shall be equal to the greatest
hierarchical classification of any of the information in the
output that the labels refer to; the non-hierarchical
category component shall include all of the non-hierarchical
categories of the information in the output the labels refer
to, but no other non-hierarchical categories.
____________________________________________________________
Labels
C1: NR.
C2: NR.
B1: NEW: Sensitivity labels associated with each subject and storage
object under its control (e.g., process, file, segment, device) shall
be maintained by the TCB. These labels shall be used as the basis
for mandatory access control decisions. In order to import non-
labeled data, the TCB shall request and receive from an authorized
user the security level of the data, and all such actions shall be
auditable by the TCB.
B2: CHANGE: Sensitivity labels associated with each ADP system resource
(e.g., subject, storage object) that is directly or indirectly
accessible by subjects external to the TCB shall be maintained by
the TCB.
B3: NAR.
A1: NAR.
Mandatory Access Control
C1: NR.
C2: NR.
B1: NEW: The TCB shall enforce a mandatory access control policy over all
subjects and storage objects under its control (e.g., processes,
files, segments, devices). These subjects and objects shall be
assigned sensitivity labels that are a combination of hierarchical
classification levels and non-hierarchical categories, and the labels
shall be used as the basis for mandatory access control decisions.
The TCB shall be able to support two or more such security levels.
(See the Mandatory Access Control guidelines.) The following
requirements shall hold for all accesses between subjects and objects
controlled by the TCB: A subject can read an object only if the
hierarchical classification in the subject's security level is
greater than or equal to the hierarchical classification in the
object's security level and the non-hierarchical categories in the
subject's security level include all the non-hierarchical categories
in the object's security level. A subject can write an object only
if the hierarchical classification in the subject's security level is
less than or equal to the hierarchical classification in the object's
security level and all the non-hierarchical categories in the
subject's security level are included in the non-hierarchical
categories in the object's security level.
B2: CHANGE: The TCB shall enforce a mandatory access control policy over
all resources (i.e., subjects, storage objects, and I/O devices) that
are directly or indirectly accessible by subjects external to the TCB.
The following requirements shall hold for all accesses between all
subjects external to the TCB and all objects directly or indirectly
accessible by these subjects:
B3: NAR.
A1: NAR.
Object Reuse
C1: NR.
C2: NEW: When a storage object is initially assigned, allocated, or
reallocated to a subject from the TCB's pool of unused storage
objects, the TCB shall assure that the object contains no data for
which the subject is not authorized.
B1: NAR.
B2: NAR.
B3: NAR.
A1: NAR.
Security Features User's Guide
C1: NEW: A single summary, chapter, or manual in user documentation shall
describe the protection mechanisms provided by the TCB, guidelines on
their use, and how they interact with one another.
C2: NAR.
B1: NAR.
B2: NAR.
B3: NAR.
A1: NAR.
Security Testing
C1: NEW: The security mechanisms of the ADP system shall be tested and
found to work as claimed in the system documentation. Testing shall
be done to assure that there are no obvious ways for an unauthorized
user to bypass or otherwise defeat the security protection mechanisms
of the TCB. (See the Security Testing guidelines.)
C2: ADD: Testing shall also include a search for obvious flaws that would
allow violation of resource isolation, or that would permit
unauthorized access to the audit or authentication data.
B1: NEW: The security mechanisms of the ADP system shall be tested and
found to work as claimed in the system documentation. A team of
individuals who thoroughly understand the specific implementation of
the TCB shall subject its design documentation, source code, and
object code to thorough analysis and testing. Their objectives shall
be: to uncover all design and implementation flaws that would permit
a subject external to the TCB to read, change, or delete data
normally denied under the mandatory or discretionary security policy
enforced by the TCB; as well as to assure that no subject (without
authorization to do so) is able to cause the TCB to enter a state
such that it is unable to respond to communications initiated by
other users. All discovered flaws shall be removed or neutralized
and the TCB retested to demonstrate that they have been eliminated
and that new flaws have not been introduced. (See the Security
Testing Guidelines.)
B2: CHANGE: All discovered flaws shall be corrected and the TCB retested
to demonstrate that they have been eliminated and that new flaws have
not been introduced.
ADD: The TCB shall be found relatively resistant to penetration.
Testing shall demonstrate that the TCB implementation is consistent
with the descriptive top-level specification.
B3: CHANGE: The TCB shall be found resistant to penetration.
ADD: No design flaws and no more than a few correctable
implementation flaws may be found during testing and there shall be
reasonable confidence that few remain.
A1: CHANGE: Testing shall demonstrate that the TCB implementation is
consistent with the formal top-level specification.
ADD: Manual or other mapping of the FTLS to the source code may form
a basis for penetration testing.
Subject Sensitivity Labels
C1: NR.
C2: NR.
B1: NR.
B2: NEW: The TCB shall immediately notify a terminal user of each change
in the security level associated with that user during an interactive
session. A terminal user shall be able to query the TCB as desired
for a display of the subject's complete sensitivity label.
B3: NAR.
A1: NAR.
System Architecture
C1: NEW: The TCB shall maintain a domain for its own execution that
protects it from external interference or tampering (e.g., by
modification of its code or data structures). Resources controlled
by the TCB may be a defined subset of the subjects and objects in
the ADP system.
C2: ADD: The TCB shall isolate the resources to be protected so that they
are subject to the access control and auditing requirements.
B1: ADD: The TCB shall maintain process isolation through the provision
of distinct address spaces under its control.
B2: NEW: The TCB shall maintain a domain for its own execution that
protects it from external interference or tampering (e.g., by
modification of its code or data structures). The TCB shall maintain
process isolation through the provision of distinct address spaces
under its control. The TCB shall be internally structured into well-
defined largely independent modules. It shall make effective use of
available hardware to separate those elements that are protection-
critical from those that are not. The TCB modules shall be designed
such that the principle of least privilege is enforced. Features in
hardware, such as segmentation, shall be used to support logically
distinct storage objects with separate attributes (namely: readable,
writeable). The user interface to the TCB shall be completely
defined and all elements of the TCB identified.
B3: ADD: The TCB shall be designed and structured to use a complete,
conceptually simple protection mechanism with precisely defined
semantics. This mechanism shall play a central role in enforcing the
internal structuring of the TCB and the system. The TCB shall
incorporate significant use of layering, abstraction and data hiding.
Significant system engineering shall be directed toward minimizing
the complexity of the TCB and excluding from the TCB modules that are
not protection-critical.
A1: NAR.
System Integrity
C1: NEW: Hardware and/or software features shall be provided that can be
used to periodically validate the correct operation of the on-site
hardware and firmware elements of the TCB.
C2: NAR.
B1: NAR.
B2: NAR.
B3: NAR.
A1: NAR.
Test Documentation
C1: NEW: The system developer shall provide to the evaluators a document
that describes the test plan and results of the security mechanisms'
functional testing.
C2: NAR.
B1: NAR.
B2: ADD: It shall include results of testing the effectiveness of the
methods used to reduce covert channel bandwidths.
B3: NAR.
A1: ADD: The results of the mapping between the formal top-level
specification and the TCB source code shall be given.
Trusted Distribution
C1: NR.
C2: NR.
B1: NR.
B2: NR.
B3: NR.
A1: NEW: A trusted ADP system control and distribution facility shall be
provided for maintaining the integrity of the mapping between the
master data describing the current version of the TCB and the on-site
master copy of the code for the current version. Procedures (e.g.,
site security acceptance testing) shall exist for assuring that the
TCB software, firmware, and hardware updates distributed to a
customer are exactly as specified by the master copies.
Trusted Facility Management
C1: NR.
C2: NR.
B1: NR.
B2: NEW: The TCB shall support separate operator and administrator
functions.
B3: ADD: The functions performed in the role of a security administrator
shall be identified. The ADP system administrative personnel shall
only be able to perform security administrator functions after taking
a distinct auditable action to assume the security administrator role
on the ADP system. Non-security functions that can be performed in
the security administration role shall be limited strictly to those
essential to performing the security role effectively.
A1: NAR.
Trusted Facility Manual
C1: NEW: A manual addressed to the ADP system administrator shall present
cautions about functions and privileges that should be controlled
when running a secure facility.
C2: ADD: The procedures for examining and maintaining the audit files as
well as the detailed audit record structure for each type of audit
event shall be given.
B1: ADD: The manual shall describe the operator and administrator
functions related to security, to include changing the
characteristics of a user. It shall provide guidelines on the
consistent and effective use of the protection features of the
system, how they interact, how to securely generate a new TCB, and
facility procedures, warnings, and privileges that need to be
controlled in order to operate the facility in a secure manner.
B2: ADD: The TCB modules that contain the reference validation mechanism
shall be identified. The procedures for secure generation of a new
TCB from source after modification of any modules in the TCB shall
be described.
B3: ADD: It shall include the procedures to ensure that the system is
initially started in a secure manner. Procedures shall also be
included to resume secure system operation after any lapse in system
operation.
A1: NAR.
Trusted Path
C1: NR.
C2: NR.
B1: NR.
B2: NEW: The TCB shall support a trusted communication path between
itself and user for initial login and authentication. Communications
via this path shall be initiated exclusively by a user.
B3: CHANGE: The TCB shall support a trusted communication path between
itself and users for use when a positive TCB-to-user connection is
required (e.g., login, change subject security level).
Communications via this trusted path shall be activated exclusively
by a user or the TCB and shall be logically isolated and unmistakably
distinguishable from other paths.
A1: NAR.
Trusted Recovery
C1: NR.
C2: NR.
B1: NR.
B2: NR.
B3: NEW: Procedures and/or mechanisms shall be provided to assure that,
after an ADP system failure or other discontinuity, recovery without a
protection compromise is obtained.
A1: NAR.
(this page is reserved for Figure 1)
GLOSSARY
Access - A specific type of interaction between a subject and an object
that results in the flow of information from one to the other.
Approval/Accreditation - The official authorization that is
granted to an ADP system to process sensitive information in
its operational environment, based upon comprehensive
security evaluation of the system's hardware, firmware, and
software security design, configuration, and implementation
and of the other system procedural, administrative,
physical, TEMPEST, personnel, and communications security
controls.
Audit Trail - A set of records that collectively provide
documentary evidence of processing used to aid in tracing
from original transactions forward to related records and
reports, and/or backwards from records and reports to their
component source transactions.
Authenticate - To establish the validity of a claimed identity.
Automatic Data Processing (ADP) System - An assembly of computer
hardware, firmware, and software configured for the purpose
of classifying, sorting, calculating, computing,
summarizing, transmitting and receiving, storing, and
retrieving data with a minimum of human intervention.
Bandwidth - A characteristic of a communication channel that is
the amount of information that can be passed through it in a
given amount of time, usually expressed in bits per second.
Bell-LaPadula Model - A formal state transition model of computer
security policy that describes a set of access control
rules. In this formal model, the entities in a computer
system are divided into abstract sets of subjects and
objects. The notion of a secure state is defined and it is
proven that each state transition preserves security by
moving from secure state to secure state; thus, inductively
proving that the system is secure. A system state is
defined to be "secure" if the only permitted access modes of
subjects to objects are in accordance with a specific
security policy. In order to determine whether or not a
specific access mode is allowed, the clearance of a subject
is compared to the classification of the object and a
determination is made as to whether the subject is
authorized for the specific access mode. The
clearance/classification scheme is expressed in terms of a
lattice. See also: Lattice, Simple Security Property, *-
Property.
Certification - The technical evaluation of a system's security
features, made as part of and in support of the
approval/accreditation process, that establishes the extent
to which a particular computer system's design and
implementation meet a set of specified security
requirements.
Channel - An information transfer path within a system. May also
refer to the mechanism by which the path is effected.
Covert Channel - A communication channel that allows a process to
transfer information in a manner that violates the system's
security policy. See also: Covert Storage Channel, Covert
Timing Channel.
Covert Storage Channel - A covert channel that involves the
direct or indirect writing of a storage location by one
process and the direct or indirect reading of the storage
location by another process. Covert storage channels
typically involve a finite resource (e.g., sectors on a
disk) that is shared by two subjects at different security
levels.
Covert Timing Channel - A covert channel in which one process
signals information to another by modulating its own use of
system resources (e.g., CPU time) in such a way that this
manipulation affects the real response time observed by the
second process.
Data - Information with a specific physical representation.
Data Integrity - The state that exists when computerized data is
the same as that in the source documents and has not been
exposed to accidental or malicious alteration or
destruction.
Descriptive Top-Level Specification (DTLS) - A top-level
specification that is written in a natural language (e.g.,
English), an informal program design notation, or a
combination of the two.
Discretionary Access Control - A means of restricting access to
objects based on the identity of subjects and/or groups to
which they belong. The controls are discretionary in the
sense that a subject with a certain access permission is
capable of passing that permission (perhaps indirectly) on
to any other subject.
Domain - The set of objects that a subject has the ability to
access.
Dominate - Security level S1 is said to dominate security level
S2 if the hierarchical classification of S1 is greater than
or equal to that of S2 and the non-hierarchical categories
of S1 include all those of S2 as a subset.
Exploitable Channel - Any channel that is useable or detectable
by subjects external to the Trusted Computing Base.
Flaw Hypothesis Methodology - A system analysis and penetration
technique where specifications and documentation for the
system are analyzed and then flaws in the system are
hypothesized. The list of hypothesized flaws is then
prioritized on the basis of the estimated probability that a
flaw actually exists and, assuming a flaw does exist, on the
ease of exploiting it and on the extent of control or
compromise it would provide. The prioritized list is used
to direct the actual testing of the system.
Flaw - An error of commission, omission, or oversight in a system
that allows protection mechanisms to be bypassed.
Formal Proof - A complete and convincing mathematical argument,
presenting the full logical justification for each proof
step, for the truth of a theorem or set of theorems. The
formal verification process uses formal proofs to show the
truth of certain properties of formal specification and for
showing that computer programs satisfy their specifications.
Formal Security Policy Model - A mathematically precise statement
of a security policy. To be adequately precise, such a
model must represent the initial state of a system, the way
in which the system progresses from one state to another,
and a definition of a "secure" state of the system. To be
acceptable as a basis for a TCB, the model must be supported
by a formal proof that if the initial state of the system
satisfies the definition of a "secure" state and if all
assumptions required by the model hold, then all future
states of the system will be secure. Some formal modeling
techniques include: state transition models, temporal logic
models, denotational semantics models, algebraic
specification models. An example is the model described by
Bell and LaPadula in reference [2]. See also: Bell-
LaPadula Model, Security Policy Model.
Formal Top-Level Specification (FTLS) - A Top-Level Specification
that is written in a formal mathematical language to allow
theorems showing the correspondence of the system
specification to its formal requirements to be hypothesized
and formally proven.
Formal Verification - The process of using formal proofs to
demonstrate the consistency (design verification) between a
formal specification of a system and a formal security
policy model or (implementation verification) between the
formal specification and its program implementation.
Functional Testing - The portion of security testing in which the
advertised features of a system are tested for correct
operation.
General-Purpose System - A computer system that is designed to
aid in solving a wide variety of problems.
Lattice - A partially ordered set for which every pair of
elements has a greatest lower bound and a least upper bound.
Least Privilege - This principle requires that each subject in a
system be granted the most restrictive set of privileges (or
lowest clearance) needed for the performance of authorized
tasks. The application of this principle limits the damage
that can result from accident, error, or unauthorized use.
Mandatory Access Control - A means of restricting access to
objects based on the sensitivity (as represented by a label)
of the information contained in the objects and the formal
authorization (i.e., clearance) of subjects to access
information of such sensitivity.
Multilevel Device - A device that is used in a manner that
permits it to simultaneously process data of two or more
security levels without risk of compromise. To accomplish
this, sensitivity labels are normally stored on the same
physical medium and in the same form (i.e., machine-readable
or human-readable) as the data being processed.
Multilevel Secure - A class of system containing information with
different sensitivities that simultaneously permits access
by users with different security clearances and needs-to-
know, but prevents users from obtaining access to
information for which they lack authorization.
Object - A passive entity that contains or receives information.
Access to an object potentially implies access to the
information it contains. Examples of objects are: records,
blocks, pages, segments, files, directories, directory
trees, and programs, as well as bits, bytes, words, fields,
processors, video displays, keyboards, clocks, printers,
network nodes, etc.
Object Reuse - The reassignment to some subject of a medium
(e.g., page frame, disk sector, magnetic tape) that
contained one or more objects. To be securely reassigned,
such media must contain no residual data from the previously
contained object(s).
Output - Information that has been exported by a TCB.
Password - A private character string that is used to
authenticate an identity.
Penetration Testing - The portion of security testing in which
the penetrators attempt to circumvent the security features
of a system. The penetrators may be assumed to use all
system design and implementation documentation, which may
include listings of system source code, manuals, and circuit
diagrams. The penetrators work under no constraints other
than those that would be applied to ordinary users.
Process - A program in execution. It is completely characterized
by a single current execution point (represented by the
machine state) and address space.
Protection-Critical Portions of the TCB - Those portions of the
TCB whose normal function is to deal with the control of
access between subjects and objects.
Protection Philosophy - An informal description of the overall
design of a system that delineates each of the protection
mechanisms employed. A combination (appropriate to the
evaluation class) of formal and informal techniques is used
to show that the mechanisms are adequate to enforce the
security policy.
Read - A fundamental operation that results only in the flow of
information from an object to a subject.
Read Access - Permission to read information.
Reference Monitor Concept - An access control concept that refers
to an abstract machine that mediates all accesses to objects
by subjects.
Resource - Anything used or consumed while performing a function.
The categories of resources are: time, information, objects
(information containers), or processors (the ability to use
information). Specific examples are: CPU time; terminal
connect time; amount of directly-addressable memory; disk
space; number of I/O requests per minute, etc.
Security Kernel - The hardware, firmware, and software elements
of a Trusted Computing Base that implement the reference
monitor concept. It must mediate all accesses, be protected
from modification, and be verifiable as correct.
Security Level - The combination of a hierarchical classification
and a set of non-hierarchical categories that represents the
sensitivity of information.
Security Policy - The set of laws, rules, and practices that
regulate how an organization manages, protects, and
distributes sensitive information.
Security Policy Model - An informal presentation of a formal
security policy model.
Security Testing - A process used to determine that the security
features of a system are implemented as designed and that
they are adequate for a proposed application environment.
This process includes hands-on functional testing,
penetration testing, and verification. See also: Functional
Testing, Penetration Testing, Verification.
Sensitive Information - Information that, as determined by a
competent authority, must be protected because its
unauthorized disclosure, alteration, loss, or destruction
will at least cause perceivable damage to someone or
something.
Sensitivity Label - A piece of information that represents the
security level of an object and that describes the
sensitivity (e.g., classification) of the data in the
object. Sensitivity labels are used by the TCB as the basis
for mandatory access control decisions.
Simple Security Property - A Bell-LaPadula security model rule
allowing a subject read access to an object only if the
security level of the subject dominates the security level
of the object.
Single-Level Device - A device that is used to process data of a
single security level at any one time. Since the device
need not be trusted to separate data of different security
levels, sensitivity labels do not have to be stored with the
data being processed.
*-Property (Star Property) - A Bell-LaPadula security model rule
allowing a subject write access to an object only if the
security level of the subject is dominated by the security
level of the object. Also known as the Confinement
Property.
Storage Object - An object that supports both read and write
accesses.
Subject - An active entity, generally in the form of a person,
process, or device that causes information to flow among
objects or changes the system state. Technically, a
process/domain pair.
Subject Security Level - A subject's security level is equal to
the security level of the objects to which it has both read
and write access. A subject's security level must always be
dominated by the clearance of the user the subject is
associated with.
TEMPEST - The study and control of spurious electronic signals
emitted from ADP equipment.
Top-Level Specification (TLS) - A non-procedural description of
system behavior at the most abstract level. Typically a
functional specification that omits all implementation
details.
Trap Door - A hidden software or hardware mechanism that permits
system protection mechanisms to be circumvented. It is
activated in some non-apparent manner (e.g., special
"random" key sequence at a terminal).
Trojan Horse - A computer program with an apparently or actually
useful function that contains additional (hidden) functions
that surreptitiously exploit the legitimate authorizations
of the invoking process to the detriment of security. For
example, making a "blind copy" of a sensitive file for the
creator of the Trojan Horse.
Trusted Computer System - A system that employs sufficient
hardware and software integrity measures to allow its use
for processing simultaneously a range of sensitive or
classified information.
Trusted Computing Base (TCB) - The totality of protection
mechanisms within a computer system -- including hardware,
firmware, and software -- the combination of which is
responsible for enforcing a security policy. It creates a
basic protection environment and provides additional user
services required for a trusted computer system. The
ability of a trusted computing base to correctly enforce a
security policy depends solely on the mechanisms within the
TCB and on the correct input by system administrative
personnel of parameters (e.g., a user's clearance) related
to the security policy.
Trusted Path - A mechanism by which a person at a terminal can
communicate directly with the Trusted Computing Base. This
mechanism can only be activated by the person or the Trusted
Computing Base and cannot be imitated by untrusted software.
Trusted Software - The software portion of a Trusted Computing
Base.
User - Any person who interacts directly with a computer system.
Verification - The process of comparing two levels of system
specification for proper correspondence (e.g., security
policy model with top-level specification, TLS with source
code, or source code with object code). This process may or
may not be automated.
Write - A fundamental operation that results only in the flow of
information from a subject to an object.
Write Access - Permission to write an object.
REFERENCES
1. Anderson, J. P. Computer Security Technology Planning
Study, ESD-TR-73-51, vol. I, ESD/AFSC, Hanscom AFB,
Bedford, Mass., October 1972 (NTIS AD-758 206).
2. Bell, D. E. and LaPadula, L. J. Secure Computer Systems:
Unified Exposition and Multics Interpretation, MTR-2997
Rev. 1, MITRE Corp., Bedford, Mass., March 1976.
3. Brand, S. L. "An Approach to Identification and Audit of
Vulnerabilities and Control in Application Systems," in
Audit and Evaluation of Computer Security II: System
Vulnerabilities and Controls, Z. Ruthberg, ed., NBS
Special Publication #500-57, MD78733, April 1980.
4. Brand, S. L. "Data Processing and A-123," in Proceedings of
the Computer Performance Evaluation User's Group 18th
Meeting, C. B. Wilson, ed., NBS Special Publication
#500-95, October 1982.
5. Denning, D. E. "A Lattice Model of Secure Information
Flow," in Communications of the ACM, vol. 19, no. 5
(May 1976), pp. 236-243.
6. Denning, D. E. Secure Information Flow in Computer Systems,
Ph.D. dissertation, Purdue Univ., West Lafayette, Ind.,
May 1975.
7. DoD 5200.1-R, Information Security Program Regulation,
August 1982.
8. DoD Directive 5200.28, Security Requirements for Automatic
Data Processing (ADP) Systems, revised April 1978.
9. DoD 5200.28-M, ADP Security Manual -- Techniques and
Procedures for Implementing, Deactivating, Testing, and
Evaluating Secure Resource-Sharing ADP Systems, revised
June 1979.
10. DoD Directive 5215.1, Computer Security Evaluation Center,
25 October 1982.
11. DoD 5220.22-M, Industrial Security Manual for Safeguarding
Classified Information, January 1983.
12. DoD 5220.22-R, Industrial Security Regulation, January 1983.
13. DoD Directive 5400.11, Department of Defense Privacy
Program, 9 June 1982.
14. Executive Order 12356, National Security Information,
6 April 1982.
15. Faurer, L. D. "Keeping the Secrets Secret," in Government
Data Systems, November - December 1981, pp. 14-17.
16. Federal Information Processing Standards Publication (FIPS
PUB) 39, Glossary for Computer Systems Security,
15 February 1976.
17. Federal Information Processing Standards Publication (FIPS
PUB) 73, Guidelines for Security of Computer
Applications, 30 June 1980.
18. Federal Information Processing Standards Publication (FIPS
PUB) 102, Guideline for Computer Security Certification
and Accreditation.
19. Lampson, B. W. "A Note on the Confinement Problem," in
Communications of the ACM, vol. 16, no. 10 (October
1973), pp. 613-615.
20. Lee, T. M. P., et al. "Processors, Operating Systems and
Nearby Peripherals: A Consensus Report," in Audit and
Evaluation of Computer Security II: System
Vulnerabilities and Controls, Z. Ruthberg, ed., NBS
Special Publication #500-57, MD78733, April 1980.
21. Lipner, S. B. A Comment on the Confinement Problem, MITRE
Corp., Bedford, Mass.
22. Millen, J. K. "An Example of a Formal Flow Violation," in
Proceedings of the IEEE Computer Society 2nd
International Computer Software and Applications
Conference, November 1978, pp. 204-208.
23. Millen, J. K. "Security Kernel Validation in Practice," in
Communications of the ACM, vol. 19, no. 5 (May 1976),
pp. 243-250.
24. Nibaldi, G. H. Proposed Technical Evaluation Criteria for
Trusted Computer Systems, MITRE Corp., Bedford, Mass.,
M79-225, AD-A108-832, 25 October 1979.
25. Nibaldi, G. H. Specification of A Trusted Computing Base,
(TCB), MITRE Corp., Bedford, Mass., M79-228, AD-A108-
831, 30 November 1979.
26. OMB Circular A-71, Transmittal Memorandum No. 1, Security of
Federal Automated Information Systems, 27 July 1978.
27. OMB Circular A-123, Internal Control Systems, 5 November
1981.
28. Ruthberg, Z. and McKenzie, R., eds. Audit and Evaluation of
Computer Security, in NBS Special Publication #500-19,
October 1977.
29. Schaefer, M., Linde, R. R., et al. "Program Confinement in
KVM/370," in Proceedings of the ACM National
Conference, October 1977, Seattle.
30. Schell, R. R. "Security Kernels: A Methodical Design of
System Security," in Technical Papers, USE Inc. Spring
Conference, 5-9 March 1979, pp. 245-250.
31. Trotter, E. T. and Tasker, P. S. Industry Trusted Computer
Systems Evaluation Process, MITRE Corp., Bedford,
Mass., MTR-3931, 1 May 1980.
32. Turn, R. Trusted Computer Systems: Needs and Incentives for
Use in government and Private Sector, (AD # A103399),
Rand Corporation (R-28811-DR&E), June 1981.
33. Walker, S. T. "The Advent of Trusted Computer Operating
Systems," in National Computer Conference Proceedings,
May 1980, pp. 655-665.
34. Ware, W. H., ed., Security Controls for Computer Systems:
Report of Defense Science Board Task Force on Computer
Security, AD # A076617/0, Rand Corporation, Santa
Monica, Calif., February 1970, reissued October 1979.
DoD STANDARD 5200.28: SUMMARY OF THE DIFFERENCES
BETWEEN IT AND CSC-STD-001-83
Note: Text which has been added or changed is indented and preceded by > sign.
Text which has been deleted is enclosed in slashes (/). "Computer Security
Center" was changed to "National Computer Security Center" throughout the
document.
The FOREWORD Section was rewritten and signed by Mr. Don Latham on
26 Dec 85. The ACKNOWLEDGEMENTS Section was updated.
The PREFACE was changed as follows:
PREFACE
The trusted computer system evaluation criteria defined in this
document classify systems into four broad hierarchical divisions
of enhanced security protection. The criteria provide a basis
for the evaluation of effectiveness of security controls built
into automatic data processing system products. The criteria
were developed with three objectives in mind: (a) to provide
users with a yardstick with which to assess the degree of trust
that can be placed in computer systems for the secure processing
of classified or other sensitive information; (b) to provide
guidance to manufacturers as to what to build into their new,
widely-available trusted commercial products in order to satisfy
trust requirements for sensitive applications; and (c) to provide
a basis for specifying security requirements in acquisition
specifications. Two types of requirements are delineated for
secure processing: (a) specific security feature requirements and
(b) assurance requirements. Some of the latter requirements
enable evaluation personnel to determine if the required features
are present and functioning as intended.
>The scope of these criteria is to be applied to
>the set of components comprising a trusted system, and is
>not necessarily to be applied to each system component
>individually. Hence, some components of a system may be
>completely untrusted, while others may be individually
>evaluated to a lower or higher evaluation class than the
>trusted product considered as a whole system. In trusted
>products at the high end of the range, the strength of the
>reference monitor is such that most of the system
>components can be completely untrusted.
Though the criteria are
>intended to be
application-independent, /it is recognized that/ the
specific security feature requirements may have to be
interpreted when applying the criteria to specific
>systems with their own functional requirements,
>applications or special environments (e.g., communications
>processors, process control computers, and embedded systems
>in general).
The underlying assurance requirements can be
applied across the entire spectrum of ADP system or
application processing environments without special
interpretation.
The SCOPE Section was changed as follows:
Scope
The trusted computer system evaluation criteria defined in this
document apply
>primarily
to /both/ trusted, commercially available
automatic data processing (ADP) systems.
>They are also applicable, as amplified below, to the
>evaluation of existing systems and to the specification of
>security requirements for ADP systems acquisition.
==================================================================
/ /
/ File 05 / NIA071 /
/ List of USENET Texas Nodes /
/ Lord Macduff /
/ /
This is a list of all USENET nodes in Texas. They are presented in the
following format:
nodename
Corporation that owns machine
System Administrator
Netmail address
Phone Number
Physical Address
Have fun, and let me know if you have any luck getting accounts/etc. on
any of these systems.
accu-reg
Accu-Reg, Inc.
Brenda Brakebill
accu-reg!root
214 934 9533
4220 Beltwood Parkway #107, Dallas, TX 75244
acsi
Advanced Computing Solutions, Inc.
Russ Helbig
acsi!hrh
713 280 9917
17049 El Camino Real, Suite 202, Houston, TX 77058
actnet
NEC America, Inc.
Tom Scurlock
actnet!root
214 907 4492
383 Omni Drive, Richardson, TX 75080
acw
Austin Code Works
Scott B. Guthery
acw!guthery
512 258 0785
11100 Leafwood Lane, Austin, Texas 78750-3409
adaptex
Adaptec Inc.
Roy Neese
adaptex!neese
817-481-3390
Adaptec Inc.;1701 W. Northwest Highway;Grapevine, Tx. 76051
adaptx1
Adaptec Inc.
Roy Neese
adaptx1!neese
817-481-3390
Adaptec Inc.;1701 W. Northwest Highway;Grapevine, Tx. 75051
aefvadh
private system
Ed Carp
khijol!erc
512 832 5884
2000 Cedar Bend Dr., Austin, TX 78758
NOTES: aefvadh means "Be welcome" in Rihannsu (or Romulan, if you prefer)
aerot
Aero Tire and Tank Inc.
David Kirby
aerot!david
214 247 2845
P.O.Box 59889, Dallas, Tx, 75229-1889
afbs, afbs.af.mil
Headquarters Air Force Broadcasting Service
Durand C. 'Randy' Waters, Chief Information Resources Division
xoidw@afbs.af.mil
512 925 8861
HQ AFBS/XOI, Kelly AFB, TX 78241-5000
afnews, afnews.af.mil
Air Force News Center
Michael L. Bergman, Chief Communications-Computer Systems
afnews!bergman
512 925 8688
AFNEWS/SCC, Kelly AFB TX 78241-5000
agent99
Dell Computer Corporation
Ron McDowell
agent99!postmaster
512 338 4400
9505 Arboretum Blvd., Austin, TX 78759-7299
airgun, airgun.wg.waii.com
Western Geophysical - Division of Western Atlas International Inc.
Mark I. Whetzel, Frank Vance
postmaster@airgun.wg.waii.com
713 789 9600 x2446, 713 789 9600 x2426
10,001 Richmond Avenue, Houston, TX 77042
aixserv
IBM
Jerome Park
aixserv!jerome
512 823 2082
11400 Burnet Rd., Zip 2900, Austin, TX 78758
ajahnv, ajahnv.lonestar.org
private system
Alfredo Jahn V
postmaster@ajahnv.UUCP
214-855-1316
3208 Cole Ave., #1303, Dallas, TX 75204
akasha
The Akashic Records
Ed Carp
khijol!erc
512 832 5884
2000 Cedar Bend Dr., Austin, TX 78758
aldoe
IRS ICS Micro Support
Kenneth R. Moore
aldoe!kmoore
214 308-1752
4050 Alpha Rd MC 5005 Dallas, Tx. 75244
amair
American Airlines
Jim Swanson
amair!jim
817 963 4310
MD 4480, P.O.Box 619630, DFW Airport, TX 75261
amytree
Donald A Kassebaum
Donald A Kassebaum
amytree!dak
512 462 9963
506 Strawberry Cove ; Austin, Tx 78745
angel
Angels Retreat
Larry Tenbush
angel!larry
512 696 0995
P.O. Box 5659, San Antonio, TX 78201-0659
DIALUP: 512 696-7708
NOTES: Public System
apcidfw
Apollo Division, Hewlett-Packard Company
Keith Cantrell
apcidfw!keith
1 214-519-2399
3301 Royal Lane, Irving, Texas
apiary
Advanced Micro Devices, Inc.
Terry Bush
apiary!terry
512 356 3443
M.S. 511, 5204 E. Ben White Blvd., Austin, TX 78741
aquinas, aquinas.lonestar.org
Privately Owned System
Sean McCollister
aquinas!postmaster
214 414 0936
1914 Sage Drive, Garland, TX 75040
armcomp
ASC People Connection
Byron Armstrong
armcomp!sysop
(512) 647-8189
No Known Address
NOTES: Public Electronic Message System
ataritx
Atari MicroSystems Corp.
Dave Hanna
ataritx!postmaster
214 713 9111
4115 Keller Springs Rd, Suite 200, Dallas, TX 75244
austex
JP Price
JP Price
austex!jprice
512 444 8691
810 W. St. Elmo, Austin TX 78745
austsun
Sun Microsystems, Inc.
Jim Thompson
jthomp@Sun.COM
214 788 1951
14785 Preston Road, Suite 1050, Dallas, TX 75240-7607
avocado
personal system
Gary Morris, N5QWC
avocado!postmaster
713 283 5195 (daytime)
P.O. Box 580148, Houston, TX 77258-0148
awful
a.out computer consultants
Andrew Fullford
awful!postmaster
214 386 2941
14930 Cypress Hills Drive, Dallas, Texas 75248
balkan, .tnt.com
Tools & Techniques, Inc.
William G. Bunton
postmaster@balkan.tnt.com, wgb@balkan.tnt.com
512 482 0824
1620 W 12th St., Austin, TX 78703
baylor
Baylor College of Medicine
Stan Barber
sob@tmc.edu
713 798 6042
One Baylor Plaza, Houston, Tx 77030
bcm
Baylor College of Medicine
Stan Barber
postmaster@tmc.edu, sob@bcm.tmc.edu
713 798 6042
Baylor College of Medicine, One Baylor Plaza, Houston, Texas 77030
bearsw
Bear Software
K. Finkemeyer
bearsw!karlf
817 962 8080
P.O. Box 729, Colleyville, TX 76034
bigboy
Capital Institutional Services
Steve Wheeler
bigboy!root
214 720 0050
750 N St. Paul, Suite 2200, Dallas, TX 75201
bigtex, .cactus.org
Institute of Applied Cosmology
James Van Artsdalen
postmaster@bigtex.cactus.org
512 338 8789
Dell Computer Co, AR3, 9505 Arboretum Blvd., Austin TX 78759
biogfx
Biographics, Inc.
Wade K. Smith
biogfx!postmaster
214 637 4112
1221 Riverbend Drive Suite 273, Dallas TX 75247
blackice
privately held
Phil Brownfield
blackice!postmaster
512 873 2022
PO Box 201480, Austin, TX 78720 USA
bodedo, bodedo.ucm.org
Jon Boede Consulting
Jon Boede
bodedo.ucm.org!postmaster
512 346-3142
7117 Wood Hollow #1013, Austin TX, 78731-2548
bonnell
Mount Bonnell Inc.
William King
bonnell!uuadm
512 478 1122
1201 West 24th St, Suite 103, Austin, TX 78705
botany
University of Texas at Austin
Brook G. Milligan
ut-emx!brook
512 471 3530
Department of Botany
brain
BIAP Systems, Mac Software Development
Chuck Shotton
brain!chuck
713 480-9489, 713 282-6444
1418 New Cedars Dr., Houston, TX 77062
buster, buster.stafford.tx.us
Unix Software Development System
Buster Irby
buster!postmaster
713 499 5735, 713 556 3877
13019 Naples Lane, Stafford, Texas 77477
cadillac
MCC CAD Program
John Arisco, David Dow, Johnny Kwan
arisco@mcc.com, dow@mcc.com, kwan@mcc.com
512 338 3576, 512 338 3777, 512 338 3483
3500 West Balcones Center Dr., Austin, TX 78759
NOTES:Cadillac will only call other sites. No dial in connections allowed.
cairns
Youth With a Mission Mercy Ships
Lance Lenz
cairns!root
903 963 8341
P.O Box 2020 Lindale Tx. 75771
caleb
Private system
Jim Pritchett
caleb!jdp
817 377 2919
4605 Ranch View Road, Fort Worth, TX 76109
camdev
Motorola Inc, Communications Sector; Mobile Products Division
Steve Scott
camdev!sscott
817 232 6317
CAMS 4G; P.O. Box 2931, Ft. Worth, Texas 76113
NOTES:gateway machine to Motorola Ft. Worth network
carpet
W.L. Kennedy Jr. & Associates
William L. Kennedy, Jr. (Bill)
bill@ssbn.WLK.COM
512 535 4966
Box 63449 Bandera Falls, Pipe Creek, TX 78063-3449
ccmaint
University of Texas, Computation Center
Frank L. Abernathy [Editor's Note: Any relation to Joe?]
frank@ccmaint.UUCP
(512) 471-3241 x291
Austin, TX 78712
cerebell
Harrington Cancer Center
Kim Anderson
cerebell!root
806 359 4673
1500 Wallace Blvd, Amarillo, TX 79106
charlie
ALFA Engineering, Inc.
Donald Ninke
don@charlie.UUCP
512 794 8680
8911 Capitol of Texas Highway North, Suite 3210, Austin, TX 78759
chemsh
ChemShare Corporation
Douglas L. Acker
chemsh!postmaster
713 267 5602
PO Box 1885, Houston, Texas 77251
chinacat, .unicom.com
Unicom Systems Development
Chip Rosenthal
chinacat!postmaster
512 482 8260
2813A Rio Grande, Suite 105, Austin, TX 78705
chron (chron.com)
Houston Chronicle
Matt Cohen
postmaster@chron.com
713 220 7023
P.O. Box 4260, Houston, TX 77210
cleo
Alternative Broadcast Technology
Todd Nix
cleo!news
512 339 2242
4503 Abelia Drive, Austin, Texas 78727-5866
cms2, cms2.lonestar.org
Christian Medical & Dental Society
Alan McCain
cms2!alan
214 783 8384
1616 Gateway Blvd., Richardson, TX 75080
color48
Best Printing Co.
James Howard
color48!postmaster
512 477 9733
3218 Manor Rd. Austin, Tx 78723
convex, convex.com, .convex.com
Convex Computer Corporation
Coyne Gibson
coyne@convex.com
214 497 4842
3000 Waterview Parkway, Richardson, TX 75083
cord
Arco Oil & Gas
Gary White
cord!gwhite
214 754 6554
2300 W Plano Pkwy, Plano, TX 75075
cortex
Division of Neuroscience, Baylor College of Medicine
Mahmud Haque
postmaster@soma.bcm.tmc.edu, mahmud@soma.bcm.tmc.edu
713 789 5985
Division of Neuroscience, Baylor College of Medicine,
One Baylor Plaza, Houston, Texas 77030
cowboy
Frontier Information Systems
Kevin Langston
cowboy!postmaster, frontier!postmaster
214 315 0942
2025 Frontier Trail, Lewisville, TX 75067
cpqhou
Compaq Computer Corp.
Michael Nikolaiev
cpqhou!root
713 374 2716
M-206, PO Box 692660, Houston, TX 77269-2000
crick
Baylor College of Medicine
Stan Barber
postmaster@watson.bcm.tmc.edu
713 798 6042
Baylor College of Medicine, One Baylor Plaza, Houston, Texas 77030
cronus
Exxon Shipping Co.
Lee Parsons
cronus!root
713 656 5394
800 Bell, RM 3424, Houston, TX 77002
crucible
PowerTools
Al Evans
crucible!al
512 454 8201
1206 Karen Avenue, Austin, TX 78757
cs.utexas.edu
University of Texas, Austin, Dept. of Computer Sciences
Fletcher Mattox, John Chambers
cs.utexas.edu!postmaster
+1 512 471 7316
U. Texas, Dept. of Computer Sciences, Austin, TX 78712
csccat, csccat.cs.com, .cs.com
Computer Support Corporation
Jack Hudler
cscdec!jack
214 661 8960
15926 Midway Rd., Dallas, Texas 75244
csdnet
CogniSeis Development
John D. Deans
csdnet!deans
713 630 3854
2401 Portsmouth, Houston, TX. 77098
csoftec, .csf.com
CompSofTech Co.
Cliff Manis
csoftec!postmaster
512 654 9912
P. O. Box 33937, San Antonio, Texas 78265
ctbilbo
Communications Technology Corporation
Pete Ritter
ctbilbo!root
214 991 8338
4100 McEwen Drive, Suite 244, Dallas, TX 75244
cygnusx1,cygnusx1.haus.com
Private System
Darrell Roberts
cygnusx1!root
214 495 9105
2330 Jamaica Place, Garland, Tx 75044
dalitc
DSC Communications, Richardson, Tx.
Brian Pellerin
dalitc!brian
214-234-3340
630 International Pwky., Richardson, Tx. 75081
dallastx
Individual
Pete Taliancich
dallastx!root
214 416 0022
7825 McCallum Blvd., #210, Dallas, TX 75252
dalnet, dalnet.lonestar.org
DalNet Unix BBS System
Victor Turner
dalnet!victor
214 484 7547
14025 Janwood, Farmers Branch, TX, 75234
dalsqnt
Sequent Computer Systems, Inc.
Chris Erickson
dalsqnt!chris
214 770 5915
14881 Quorum Drive, Dallas, TX 75240
damark
Damark Service Company
Jon Boede
damark!postmaster
512 339-9585
8006-F Cameron Road, Austin Texas, 78753
dcrt,dcrt.dla.mil
Defense Contract Management Region Dallas
Carolyn Gramm
dcrt!postmaster (postmaster@dcrt.dla.mil)
214 670 9365
DCMR DAL-Z, 1200 Main Street, Dallas, TX 75202-4399
NOTES:Component organization of the U. S. Defense Contract Management Command
dell, .dell.com
Dell Computer Corporation
Dewey Coffman
dell!usenet
512 338 4400
9505 Arboretum Blvd., Austin, TX 78759-7299, AR4
deutsch
The German Connection
Dieter Belletz
deutsch!sysop
512 532-4756
No physical address listed
NOTES:Public Electronic Message System
digi, digi.lonestar.org
DSC Communications, Plano Tx.
Keith Cantrell
digi!kcantrel
214-519-2399
1000 Colt, Plano, Tx 75075
dinosaur
Keith Cantrell
dinosaur!keith
214-492-1088
2100 Sonata Ln. Carrollton TX 75007
dkwgate
DKW Systems Corporation
JR Jesson
dkwgate!jr
214 746 5880
4050 Infomart, 1950 Stemmons Freeway, Dallas, TX 75207
dms3b1
Infotouch Systems, Inc.
Dave Hanna
dms3b1!dave
817 540-1524
3900 Cedar Ridge Dr., Suite 100, Bedford, TX 76021
dogface
Bob Izenberg
dogface!bei
512 346 7019
8535 Capitol of Texas Highway North, Austin, TX 78759
dogpnd
Dana Ebersole
tsci!dana
817 577 0367
3902 Butler Ct., Colleyville, TX 76034
donbaya
Private system
Taijan Wei
donbaya!postmaster, donbaya!tjw
817 387 2218
P.O. Box 22734 TWU, Denton, TX 76204
dp7up
Bill Harris
Dr. Pepper/Seven-Up Company
dp7up!bill
214-360-7000
8144 Walnut Hill Ln, Dallas Tx 75231
dptspd
Datapoint Corporation, Product Development
Lee Ziegenhals
postmaster@sat.datapoint.com
512 593 7670
9725 Datapoint Drive, San Antonio, TX 78229-8552
drig
Dallas Remote Imaging Group (Satellite Tracking & Imaging)
Jeff Wallach, Ph.D.
drig!jw
214 394 7325
4209 Meadowdale Dr., Carrollton, Tx. 75010
dungeon, dungeon.lonestar.org
-[MCP] Systems Inc.
Chert Pellett
dungeon!chert
214 301-9108
P.O. Box 850132 Richardson, Tx 75085-0132
dunsel
W. L. Kennedy Jr. and Associates
William (Bill) L. Kennedy Jr.
bill@ssbn.WLK.COM
512 535 4966
Box 63449 Bandera Falls, Pipe Creek, TX 78063-3449
dynsim1
Litwin Process Automation
Vic Rice
dynsim1!root
713 497 6200
580 Westlake Park Blvd., Houston, TX 77251-1281
eca
Electrocom Automation, Inc.
Robert Winter
eca!root
817 695 5321
2910 Ave. F, Arlington, TX 76011-5276
ecaard
ElectroCom Automation L.P.
Rus Duderstadt
ecaard!rad
817 695 7524
2910 Ave. F East, Arlington, TX 76011
ecor1
Home System
Tod D. Romo
ecor1!root
512 824 5121
318 Jeanette, San Antonio, TX 78216
edsr
EDS Advanced Research
Jimmy Niemann
edsr!jcn
214 661 6052
7223 Forest Lane, Dallas, TX 75230
eec, .austin.eds.com
Austin Laboratory; EDS Research
Rob Mayoff
mayoff@austin.eds.com, postmaster@austin.eds.com
512 477 1892
Austin Lab, EDS Research, 1601 Rio Grande Ste. 451, Austin, TX, 78701
egsner, egsner.cirr.com, cirr.com
Central Iowa (Model) Railroad
Eric Schnoebelen
egsner!postmaster, egsner!eric
214 250-6899
7825 McCallum Blvd, #406, Dallas, Tx 75252
elpc
Cam Fox
Electro Plate Circuitry
elpc!cam
214 466-0818
1430 Century - Dallas - Tx - 75006
els3
Equipment Listing Service
Buddy Hilliker
els3!root
512 341 4900
Isom Road, San Antonio, TX 78216
engcon
LTV Aerospace and Defense Company
Ben Rouse
engcon!root
214 266 7268
P.O.Box 655907, M/S WT-25, Dallas, TX 75265
enigma, enigma.haus.com
Harris Adacom Corporation
Clay Luther
cluther@enigma.haus.com
214 386 2356
P.O. Box 809022, Dallas, Tx 75380-9022
ernest
Texas Instruments
Alan Edmonds
ernest!postmaster
214 575 6427
P.O. Box 869305, MS 8513, Plano, TX, 75086
execu,execu.execu.com
Execucom Systems Corp
Dewey Henize
usenet@execu.com
512 327 7070
Two Wild Basin, 108 Wild Basin Road, Austin, Texas 78746
NOTES:Execucom Systems is a software company specializing in Decision
Support Systems and Executive Decision Systems. At any given time
there are likely to be a relatively wide range of machines at this
site, including a Sequent, Suns, DECs, HPs, and Primes.
exitech
Exitech
John J. McGrath
ext-adm!admin
409 245 9023
1904 Stonesthrow Drive, Bay City, TX 77414
ext-adm
Exitech
John McGrath
ext-adm!admin
409 245 9023
1904 Stonesthrow Drive, Bay City, TX 77414
fallout
DECUS DFW Local User Group
John Wisniewski
fallout!system
214 686 8107
3308 Rockne, Mesquite, TX 75150
fcknfst
Doug Davis
Doug Davis
letni!doug
214 270 9226
4409 Sarazen / Mesquite / Tx / 77150
ferus
Private System
Alan J. Caldera
root@ferus.lonestar.org
817 294 2791
6062 Copperfield Dr. #842, Ft. Worth, TX 76132
ficc.ferranti.com
Ferranti International Controls Corporation
Peter da Silva
ficc!peter
713 274 5180
12808 West Airport Blvd./ Sugar Land TX 77487-5012
fl2
Ron McDowell
fl2!postmaster
512 655 3655
4418 Monaco, San Antonio, Texas 78218-4339
flatline
row major
J. Eric Townsend
jet@uh.edu
713 863 9137
511 Parker #2, Houston, Tx 77007
flattop, .progcons.com
Private Machine
Ron McDowell
flattop!postmaster
512 346 0138
9500 Jollyville Rd, #127, Austin, Texas 78759
foyinc
Foy Inc
James H. Foy
postmaster@foyinc.WLK.COM
214 782 7282
100 McKinney Street, Farmersville, Texas 75031
fozzy
Rockwell International
Dennis W. Fail
fozzy!fail
214 996 2471 (VOICE)
214 996 7768, 214 996 2412 (DIALUP)
1200 North Alma Road, M/S 448-100, Richardson, TX 75081
fquest
Public access BBS "Future Quest"
Kevin Basey
fquest!postmaster, fquest!kevin
512 834 9877
2018 West Rundberg #2a Austin, Tx. 78758
frontier, frontier.lonestar.org
Frontier Information Systems
Kevin Langston
frontier!postmaster
214 315 0942
2025 Frontier Trail, Lewisville, TX 75067
fubar
Private Machine
Damon Permezel
fubar!dap
512 371 3545
pobox 9068, austin, tx 78766-9068
furp, furp.lonestar.org
Strawberry Furp Suprise
Kurt Grutzmacher
furp!grutz
214 392 7312
13707 Rolling Hills Dallas, Tx. 75240
fuzzy, fuzzy.lonestar.org
Privately Owned
John Elliott IV
iv@fuzzy.lonestar.org
817 249 2147
1050 Cottonwood Trail; Benbrook, TX 76126-2734
gbdata
GB Data Systems
gbdata!root
713 363 3074
2427 Falls Church, Houston, Texas, 77067
gbm
General Business Machines
Cedric Reddick
gbm!root
713 984 8561
9610 Long Point, Suite 314, Houston, TX 77055
gdfwc3
General Dynamics, Fort Worth Division, C3 Systems
Todd Shutts
gdfwc3!todd
817 777 8168
General Dynamics Blvd., Fort Worth, TX 76108
gescorp1
Golden Era Services, Inc.
Stuart C. Cater
gescorp1!root
713 524 8881
2727 Allen Parkway, Suite 1900, Houston, TX 77019
global
Global Advantage
Gary Henderson
global!ghenderson
713 356 6043
1105 Meyer, P.O. Box 434, Seabrook, TX 77586
gtmvax
GTE Telemessager, GTE information services
Steve Linebarger,Floyd Ferguson
gtmvax!steve,gtmvax!floydf
214 929 7943, 214 929 7942
9150 Royal Lane, Suite 130, Irving, TX 75063
hackbox
Harmonix Incorporated
Jason Martin Levitt
hackbox!jason
512 326-9102
PO Box 3344, Austin, TX 78764
hal6000 hal6000.tandy.com
Tandy Systems Software
Frank Durda IV
hal6000.UUCP!uhclem
817 390 2865
1300 Two Tandy Center; Ft. Worth, TX 76102
halley
Tandem Computers
Brad Benton
Jack Bell
halley!postmaster
512 244 8000
14231 Tandem Blvd; Austin, Texas 78728
harlie
Private System
Mitch Mitchell
harlie!postmaster
214 248 8149, 214 519 3257
18330 Gallery Drive #723, Dallas, TX, 75252-5143
hdrock
Western Atlas International - CORE LABORATORIES
John Charles Welch
hdrock!john
214 566 1446
3230 GE Drive, Tyler, Tx, 75703
helps
Howard Electronics Laboratories, Products & Services
James Howard
helps!postmaster
512 329 8910
P. O. Box 160184, Austin, TX 78716-0184
hiplot
Houston Instrument, a division of Summagraphics, Inc.
Gary Powell
hiplot!postmaster
512 835 0900
8500 Cameron Road, Austin, TX 78753
hnb08
Eastman Christensen
Larry Flournoy
hnb08!root
713 985 3870
15355 Vantage Pkwy.,West, Houston, TX 77032
hounix
Houston Unix Users Group
Chuck Bentley
hounix!chuckb
713 827-8133
5644 Westheimer #222, Houston, TX 77056
hpaustx
Hewlett Packard - Austin Texas Office
Stuart Jarriel
hpaustx!stuart
512 338 7262
9050 Capitol of Texas Highway North, Suite 290, Austin TX 78759
hrnowl, hrnowl.lonestar.org
Horned Owl BBS
Paul Elliott
anwyn@hrnowl.lonestar.org
(713)781-4543
5857 South Gessner #224 Houston, texas 77036
hutto
Private Machine
Henry Melton
hutto!henry
512 846 3241
Route 1 Box 274E, Hutto Texas 78643-9751
ibes
IBES Corp.
Tim Anderson
ibes!ta
214 907 8475
1201 Richardson Dr. Richardson, TX 75080
ibnet214
Information Brokerage Network
David Woods
ibnet214!root
214 733 0466
P.O. Box 796514, Dallas, TX 75379
icus, .ICUS.COM
ICUS Software Systems [Development Center I]
Leonard B. Tropiano
icus!lenny, icus!postmaster, postmaster@icus.ICUS.COM
14300 Tandem Blvd #222, Austin, TX 78728
icusdvlp, icusdvlp.ICUS.COM
ICUS Software Systems [Development Center II]
Leonard B. Tropiano
icus!lenny, icus!postmaster, postmaster@icus.ICUS.COM
14300 Tandem Blvd #222, Austin, TX 78728
iex
IEX Corporation
Bob Blencowe, Robert Brazile
iex!postmaster
214 612-2600
1400 Preston Road, Suite 350, Plano, Texas 75093
ijcr
Institute Of Judaic-Christian Research
John R. Hill
hill@ijcr.merch.tandy.com
817 346 1247
P.O. Box 331564 Fort Worth, Texas 76163
imsl
Individual
Edward B. Herrera
imsl!herrera
713 782 6060
2500 Parkwest Blvd., Houston, TX 77042
inebriae
Tel-Account, Inc.
Lawrence M. Wesson, C.P.A.
postmaster@inebriae.WLK.COM
214 788-2582
12740 Hillcrest #107 Dallas, TX 75230
infohub
Radio Shack Computer Merchandising
G. David Butler, II
root@infohub.TANDY.COM
817 457 4043
1500 One Tandy Center, Ft Worth, TX, 76102
iphase
Interphase Corporation
Larry Hale
iphase!lsh
214 919 9204
13800 Senlac, Dallas, TX 75234
iquery
Programmed Intelligence Corp.
Matthew C. Reedy
postmaster@pic.com, iquery!postmaster
512 490 6684
400 N Loop 1604 E, Ste 100, San Antonio, TX 78232
issi
International Software Systems, Inc
Lisa A. Gerlich
issi!postmaster
512 338 5724
9430 Research Blvd, Suite 250, Austin, TX 78759
itcdal
Integral Technology Corporation
Doug Workings
itcdal!root
214 690 2770
2201 Waterview Parkway, Suite 1703, Richardson, TX 75080
jantor
Microlink Inc.
Herb Crosby
jantor!postmaster
713 338-2010
403 Nasa Rd. 1 E. Bx 349, Webster, TX 77598
jassys
private system
Tony Holden
jassys!news,jassys!tony
817 280-0282
729 Briarwood, Hurst, Tx. 76053
jcpenne
JC Penney Company Inc.
Robert J. Davis
jcpenne!rjdavis2
214 387 6156
12712 Park Central Place, Dallas, TX 75251
jkh0
John Kay Harris and Associates
John Harris
jkh0!root
713 667 1781
5650 Kirby, Suite 150, Houston, TX 77005
jmdst
Home System
Joe M. Doss
jmdst!postmaster
817 468 8932
904 Tennis Villa Drive, Arlington, TX, 76017
joshua, joshua.lonestar.org
Contract Programming in FoxBase+
Bill Harris
joshua!bill
214-424-1030 (DIALUP) 214-424-7626 (VOICE)
3396 Ave P, Plano, Texas 75074
k5qwb
Amatuer Radio Station k5qwb
Lyn R. Kennedy
k5qwb!lrk
214 217 0212
P. O. Box 5133, Ovilla, TX 75154
kawhou
Kurt A. Welgehausen
Kurt A. Welgehausen
kawhou!root
713 528 7132
P.O. Box 270835, Houston, TX 77277-0835
keys
Christopher L. Winemiller (personal system)
Chris Winemiller
keys!postmaster
214 393 0850, 214 519 3451
328 Plantation Drive, Coppell, TX USA 75019-3213
kf5iw
Honda Sport Touring Association
Jim Blocker
kf5iw!jim
214 996 6875
2524 Sundance Lane, Dallas, TX 75287-5871
khijol
Assault Weapons 'R Us
Ed Carp
khijol!erc
512 445 2044
1800 E. Stassney #1205, Austin, TX 78744
NOTES:khijol means "Beam me up!" in Klingon
kvue
KVUE-TV
Edward Sparks
sparks@kvue.UUCP
512 459 6521
PO Box 9927, Austin, TX 78766
laczko, laczko.ti.com
Private system
Frank L. Laczko, Sr
postmaster@laczko.ti.com
214 997 3988
P.O. Box 867676 Plano TX 75086
lad-shrike
Lockheed Missles & Space Co., Austin Division
David Capshaw
lad-shrike!usenet
512 448 5757
O/96-10 B/30E, 6800 Burleson Road, Austin, Texas 78744
lark
Lark Sequencing Technologies, Ltd.
Charlie Lawrence
713 798 6226
chas@mbir.bcm.tmc.edu
Medical Towers Building, Texas Medical Center, Houston, Tx 77030
lcra
Lower Colorado River Authority
Mike O'Donnell
lcra!postmaster
512 473-4058
3001 Lake Austin Blvd, #201, Austin, TX 78703
learjet
personal
Faisal Awada
learjet!postmaster
512 339 0961
3220 Duval Rd #1606, Austin, TX 78759
lerami, lerami.lonestar.org, lerami.cirr.com
Private System
Larry Rosenman
lerami!postmaster
214 399 0210
900 Lake Isle Circle, Irving, Texas 75060-7709
lescsse
Lockheed Engineering and Sciences Co.
Gary Morris
lobster!lescsse!postmaster
713 283 5195
1150 Gemini Avenue A-22, Houston, TX 77058
letni, letni.lonestar.org, .lonestar.org
Private System
Doug Davis
doug@letni.lonestar.org
214-908-2522
4409 Sarazen Mesquite Tx 75150
leviathn
Personal Machine
Adrian J. Hardesty
leviathn!adrian
713 862 1398
1134 Dorothy, Houston, TX 77008
lgc, .lgc.com
Landmark Graphics
Chris Martin
uucp@lgc.com
713 579 4891
333 Cypress Run, Suite 100, Houston, TX 77094
lib
The Texas Medical Center
Stan Barber
postmaster@tmc.edu, sob@bcm.tmc.edu
713 798 6042
Baylor College of Medicine, One Baylor Plaza, Houston, Texas 77030
NOTES:lib is a mail portal between THEnet and the internet
limbic
Southwest Systems Development Labs (Division of ICUS)
Gilbert C. Kloepfer, Jr.
gil@limbic.ssdl.com
8622 Maplecrest, Houston, TX 77099
lobster
Private System
Judy Scheltema
judy@lobster.hou.tx.us
8622 Maplecrest, Houston, TX 77099
lodestar
Lodestar Systems Inc.
Clifton M. Bean, Murry E. Page
lodestar!root
214 845 8245
14651 Dallas Parkway Suite 700 Dallas TX 75240
longway, .tic.com
Texas Internet Consulting
Smoot Carl-Mitchell, John S. Quarterman
postmaster@longway.tic.com
512-320-9031
701 Brazos Suite 500, Austin, TX 78701-3243
lotex
Chuck Bentley
lotex!chuckb
713 789 8928
5644 Westheimer #222, Houston, TX 77056
loyola
Comstock Connections
Jack L Bell
loyola!jack
512 928 8706
3103 Loyola Lane, Austin, TX 78723
lsg
The LAN Support Group, Inc.
Eric Pulaski
lsg!epulaski
713 621 9166
520 Post Oak Blvd., Suite 100, Houston, TX 77027
lwb
Univ. of Texas at Arlington, Dept. of Foreign Languages and Linguistics
Bob Mugele
lwb!root
817 273 3695
Box 19557, UTA, Arlington, Texas 76019
martian
Commodore-AMIGA 2000HD; AmigaDos 1.3.2, Amiga-UUCP V1.05D(0.40W/0.60W)
Robert J. Zepeda
Robert J. Zepeda
martian!rjz
512 794 8219
9500 Jollyville Road Apt. 197 ; Austin, Tx 78759
mavrick
Private System
Luis Basto
mavrick!luis
512 255 8350
12707 Poquoson Dr., Austin, TX 78727
maxwell
Southwest Research Institute
Keith S. Pickens
maxwell!postmaster
512 684 5111
6220 Culebra Road, San Antonio, Texas 78284
mbir
Molecular Biology Information Resource, Baylor College of Medicine
Charlie Lawrence
713 798 6226
chas@mbir.bcm.tmc.edu
Department of Cell Biology, Baylor College of Medicine,
One Baylor Plaza, Houston, Texas 77030
mcomp
Micro-Comp Consulting
William B. Dow
mcomp!bill
214 306 3165 214 306 1596
3309 Sam Rayburn Run, Carrollton, Tx, 75007
mcreate
MicroCreations
Darin Arrick
mcreate!darin
817 281 0612
P.O. Box 820054, North Richland Hills, TX, 76182
mdaeng,.mdaeng.com
MDA Engineering Inc.
Ralph W. Noack
mdaeng!postmaster
817 860 6660
500 E. Border St. Suite 401 Arlington Tx 76013
meddle
Discovery Hall Hands On Science Museum
Dennis Little
meddle!root
512 474 7616
401 Congress, Austin, TX 78752
memqa
Motorola Mos Memory R&QA
Henry Melton
memqa!postmaster
512 928 6328
3501 Ed Bluestein Blvd, Austin Texas
merch
Radio Shack Computer Merchandising
G. David Butler, II
root@merch.tandy.com
817 457 4043
1500 One Tandy Center, Ft Worth, TX, 76102
mercy
Mercy Medical Equipment Company
Ron McDowell
fl2!postmaster
512 655 3716
8527 Village Dr. #103, San Antonio, Texas 78217
mic
RGL Consulting
Richman G. Lewin
gary@mic.lonestar.org
214 278-4074
P.O.Box 2010, Dallas, Tx, 75221-2010
micrtk
Microtek Microbiology
Raymond C. Schafer
micrtk!postmaster
512 441 1066
5004 Emerald Forest Circle, Austin, TX 78745
milano
MCC Software Technology Program
Charles Sandel,Jim Knutson
milano!usenet,sandel@mcc.com,knutson@milano.uucp
512 338 3498, 512 338 3362
9390 Research Blvd. Austin, TX 78759
mitek, mitek.com, sequent.mitek.com, .mitek.com
Mitek Open Connect Systems
David M. Lyle
mitek!postmaster
214 490 4090
2033 Chennault Drive; Carrollton, Tx 75006
mizarvme
Mizar, Inc.
mizarvme!usenet
214 446 2664
1419 Dunn Drive, Carrollton, TX 75006
montagar
Privately Owned and Operated
David L. Cathey
montagar!system
214 618-2117
6400 Independence #601, Plano, TX 75023
motaus
Motorola Inc., Semiconductor Products Sector
Phil Brownfield
motaus!postmaster
512 873 2022
11120 Metric Blvd., Austin, TX 78758 USA
moxie, moxie.hou.tx.us
Greg Hackney
hack@moxie.hou.tx.us
713+351-2125
P.O. Box 1173, Tomball, Texas 77377-1173
mwi
Mueller & Wilson, Inc.
Ron C. Wilson
mwi!ron
512 824 9461
P.O. Box 17659, San Antonio, TX 78217
mwk
M. W. Kellogg
Lee K. Gleason
mwk!postmaster
713 753 4455
601 Jefferson, Houston, TX 77210
n5lyt,n5lyt.boerne.tx.us
Amateur radio station n5lyt
Lee Ziegenhals
n5lyt!postmaster
512 699 5670
P.O. Box 815, Boerne, TX 78006
natinst
National Instruments Corporation
Brian H. Powell
natinst!postmaster
512 794 5506
6504 Bridge Point Parkway, Austin, Texas 78730-5039
ncmicro, ncmicro.lonestar.org
NC Microproducts, Inc., Development/Field Support
Lance Franklin
postmaster@ncmicro.lonestar.org
214-234-6655
2323 N. Central Expressway, Suite 380, Richardson, Tx, 75080
necbsd
NEC America
Ying-Da Lee
necbsd!ylee
214 518 5000
1525 Walnut Hill Lane, Irving, TX 75038
nemesis, nemesis.lonestar.org
Privately Owned
Frank Durda IV
uhclem@nemesis.lonestar.org
817 292 2270
5951 Ashford Ct; Fort Worth, TX 76133-3013
netdev, .comsys.com
Communication Systems Research
Alex Huppenthal
netdev!alex
214 250-3807
6045 Buffridge Trail, Dallas, TX 75252
nidhog, nidhog.cactus.org
CACTUS (Capitol Area Central Texas UNIX Society)
Henry D. Reynolds(hdr)
nidhog!hdr
512 448 3617(VOICE)
1718 Valeria Austin, TX 78704
ninja
db Systems
G. David Butler, II
root@ninja.UUCP
817 457 4043
6940 Misty Glen Court, Ft Worth, TX, 76112
nominil
Lonesome Dove Computing Services
Mark C. Linimon
usenet@nominil.lonestar.org
512 218 0805
14300 Tandem Boulevard #239, Austin, TX 78728
nowhere
Software Solutions
Steven King
nowhere!sking
512 339 8642
1615 A West Braker Ln, Austin, Tx, 78758
npqc
Tandy National Parts, Quality Control Department
Keith Ward
npqc!qcdev!root
817 870 5650
900 E. Northside Dr., Fort Worth, TX 76102
nthropy
Nth Graphics, Ltd.
Andy Lowe
nthropy!postmaster
512 832 1944
1807-C W. Braker Ln., Austin, TX 78758
ntpal
Bell Northern Research, Inc.
Dana Cavasso
ntpal!dcavasso, ntpal!postmaster
214 301-2664
2435 N. Central Expressway, Richardson, TX 75080
nuchat
South Coast Computing Services, Inc.
Steve Nuchia
nuchat!postmaster
713 964 2462
POB 270249 Houston, Texas 77277-0249
nuke, nuke.conmicro.com
Private System
Ron Harter
postmaster@nuke.conmicro.com
713 334 2023
3007 Twinleaf, League City, TX 77573
oakhill
Motorola
Ed Rupp
ed@oakhill.sps.mot.com
512 891-2224
Motorola Inc., Mail Drop OE37, 6501 William Cannon Dr. West,
Austin, TX 78735-8598
obiwan
Privately owned
Bob Willcox
obiwan!bob
512 258 4224, 512 331 0865
11209 Della Torre Drive, Austin, TX 78750
ohdoor
Overhead Door Corp.
Steven Forrester
ohdoor!steve
214 556-2726
1910 Crown Dr., Farmers Branch, Tx, 75234
omnicomp
Omnicomp Graphics Corporation
H. H. Parker
omnicomp!root
713 464 2990
1734 West Belt North, Houston, TX 77043
osgiliath
Personal
Marc St.-Gil
osgiliath!marc
214 250 3014
4912 Haverwood Lane #913, Dallas, Tx 75287
ozdaltx
Robert Scott, XENIX systems Consultant/OZ BBS
Robert Scott
ozdaltx!root
214 247-5609, 214 247-2367
No physical address known
palace
The Palace BBS
Barry Dunlap
palace!root
713 488 2721 (VOICE) 713 280 9116 (DIALUP)
15102 Penn Hills, Houston, TX 77062
para1
Paranet
Richard L. Sonnier III
para1!root
713 467 3100
1743 Stebbins Dr, Houston, TX 77043
pcinews
Publications & Communications, Inc.
Bill Lifland
pcinews!wdl
512 250 9023
12416 Hymeadow Dr., Austin, Texas 78750-1896
pemrac
Southwest Research Institute
Richard Murphy
pemrac!karen, karen@pemrac.space.swri.edu
512 522 5322
6220 Culebra Rd., San Antonio, TX 78284
pensoft
Pencom Software Inc.
David Bryant, Mike Heath, Lorne Wilson
pensoft!postmaster
512 343 1111
9050 Capitol of Texas Hwy North, Austin TX, 78759
petro
G.M. Andreen & Associates, Inc.
Gilbert B. Andreen
petro!postmaster
512 826 1733
235 Rockhill Dr. San Antonio, Texas 78209
peyote
Capital Area Central Texas Unix Society
Jim Knutson,Charles Sandel
peyote!postmaster
512 338 3362, 512 338 3498
9390 Research Blvd., Austin, TX 78759
pisces, pisces.lonestar.org
Privately owned system
David Aldrich
dga@pisces
817 267 9587
13709 West Rim Dr. #807 Euless Texas USA 76040
piziali
Pizialis
Andrew J. Piziali
piziali!postmaster
214 442 7483
6616 Estados Drive, Parker, Texas 75002-6800
pojen
MicroAge
Jimmy Ko
pojen!root
214 348 1523
11601 Plano Rd. #108, Dallas, TX 75243
ponder
University of North Texas, Computer Science Department
Johnny Carroll
ponder!carroll
817 565 2279
PO Box 13886 Denton, Texas 76203
procon
Pro Consultants, Inc.
Monte Daily, Rick San Soucie
procon!monte,procon!rick
214 637 7710
1230 River Bend Drive #215 Dallas, TX 75247
prosoft
Prosoft, Inc.
Jim Holmes
prosoft!postmaster
512 836 6328
2011 Rutland Drive, Austin Texas, 78758
qcdev
Tandy National Parts, Quality Control Department
Keith Ward
qcdev!root
817 870 5650
900 E. Northside Dr., Fort Worth, TX 76102
qtdallas
Quickturn Systems Inc.
Dasha Estes
qtdalllas!root
214 516 3838
101 E. Park Blvd, Suite 600, Plano, TX 75045
radar.aca.mcc.com
MCC; ACT Program
Beth Paxton
postmaster@radar.aca.mcc.com
512 338 3494
MCC / ACT Program; 3500 W. Balcones Center Dr.; Austin, Tx 78759
rancor
IBM Advanced Workstations Division (AWD)
Bob Willcox
rancor!bob
512 258 4224, 512 331 0153
11209 Della Torre Drive, Austin, TX 78750
ray
Raymond Schafer Associates
Raymond C. Schafer
ray!postmaster
512 441 1066
5004 Emerald Forest Circle, Austin, TX 78745
rcc1
Realistic Computing Company
Richard C. McIntosh Jr.
rcc1!rcmjr
214 528 4071 (Voice)
4524 McKinney Ave. Suite 104, Dallas, Texas 75205
rdsoftwr
Robert M. Dunaway
Robert M. Dunaway
rdsoftwr!bob
214 252 3745
3541 Esplendor Avenue, Irving, TX 75062
redsim
Hughes Simulation Systems Inc. (formerly Rediffusion Simulation Inc.)
Ronald B. Adams
redsim!postmaster , postmaster@redsim.lonestar.org
817 695 2270
2200 Arlington Downs Road, Arlington, TX 76011-6382
rei2
Recognition Equipment, Incorporated
Mike Grabert
rei2!mike
214 579 6171
P.O. Box 660204, Dallas, Texas 75266-0204
rice
Rice University, Houston, TX
Evan Wetstone
postmaster@rice.edu
713-527-8101
Neworking & Computer Systems, P.O. Box 1892, Houston, Tx 77251
rmc,rmc.liant.com
Ryan McFarland Corporation
Tom Grubbs
rmc!trg
512 343 1010
8911 Capital of Texas Highway North, Austin, Texas 78759
romp
IBM Advanced Workstations Division
Bob Willcox
romp!bob
512 838 3585
4B-76/803, 11400 Burnet RD, Austin, TX 78758
ross
ROSS Technology, Inc.
Carl Dobbs
ross!postmaster
512 448 8968
7748 Hwy. 290 West, Austin TX 78736
rover
DPI Workplace
Dennis W. Wimer
rover!dwimer
817 281 4562
6130 Glenview Drive, #110, N. Richland Hills, TX 76180
rpp386, rpp386.cactus.org, rpp68k
D/B/A River Parishes Programming
John F. Haugh II
rpp386!jfh
512-pri-vate
No Known Address
rrbible
Personal System
Bryan Bible
rrbible!btb
512 255 2258
313 Rawhide Loop, Round Rock TX 78681
rrm
Martin Computer Services
Richard R. Martin
rrm!postmaster
214 647 4145
634 Dallas Avenue, Grand Prairie, TX 75050
rtc
Reed Tool Company
Richard Herdell
rtc!root
713 924 5521
6501 Navigation, Houston, TX 77011
rtjpc
Tom Jacob
Tom Jacob
rtjpc!jacob
214 528 6733
4306 Emerson Avenue, Dallas, TX 75205
rwsys, rwsys.lonestar.org
R/W Systems - Fine purveyors of custom computation and control
James X. Wyatt
rwsys!jim, rwsys!root, rwsys!uucpmgr
817 595 0571
3529 Ruth Road, Ste: 2121, Richland Hills, Tx 76118-5849
satcom
Iguana Binary Systems
David Kuykendall
satcom!root
512 558 3826
4115 Goshen Pass, San Antonio, TX 78230
sawdust, .n382.z1.fidonet.org
June Parchman
sawdust!jip
1401 E. Rundberg Ln. #50, Austin, TX 78753
scisoft
Scientific Software Intercomp
Doug Scogman
scisoft!root
713 953 8702
10333 Richmond Ave., Suite 1000 Houston, TX 77042
scorpio
Micro Engineering Co.
Donald A. Ninke, P.E.
!scorpio!ninke
512 926 7520
2307 Lehigh Drive, Austin, TX 78723
sctc-1
Air Force Advanced Systems SC (SMSCRC Users Group coordinator)
Milton J. Turner Jr., Unix Systems Analyst (512) 652-UNIX (8649)
sctc-1!milt
512 652 3098
San Antonio, Texas Metropolitan Area
sentinel
W. L. Kennedy Jr. and Associates
William (Bill) L. Kennedy Jr.
bill@ssbn.WLK.COM
512 535 4966
Box 63449 Bandera Falls, Pipe Creek, TX 78063-3449
sequoia,sequoia.execu.com
Execucom Systems Corp
Dewey Henize
usenet@execu.com
512 327 7070
Two Wild Basin, 108 Wild Basin Road, Austin, Texas 78746
sessun
SES, Inc.
John Osborn
sessun!root
512 474 4526
1301 W. 25th St., Austin, TX 78705
shared
Shared Financial Systems
D.H. Close
shared!davec
214 233 8356
15301 Dallas Parkway, #600, Dallas, TX 75248
shell,.shell.com
Shell Oil Co.
Susan Dang, Barry Myers
postmaster@shell.com
713 795 3208, 713 795 3287
Shell Information Center, 1500 OST, Houston, TX 77054
shibaya
Private system
Augustine Cano
shibaya!postmaster, shibaya!afc
817 382 0211
P.O. Box 2382, Denton, TX 76202
siswat
Photon Graphics, Inc.
A. Lester Buck
siswat!usenet
713 665 2258
3618 Glen Haven, Houston, TX 77025
skeeter
Privately Owned
Robert Wallace
tnessd!mechrw
214 464 6552
Dallas, Texas
smu
Southern Methodist University, Dept of Computer Science and Engineering
Bob Mazanec
smu!manager
214 692-2859, 214 692-3080
Department of Computer Science and Engineering, Dallas, TX 75275
smubic
Southern Methodist University
R. Allen Gwinn, Jr.
sulaco!allen
smunews
Department of Electical Engineering; S.M.U.
Dr. James George Dunham
smunews!jgd
214 692-2812
Dallas, TX 75275
smx
Individual
Steve Musacchia
smx!root
713 984 9600
1640 Sul Ross Houston, TX 77006
sneaky
Gordon L. Burditt
Gordon L. Burditt
gordon@sneaky.lonestar.org
817 249 4898 (Voice: evenings only!)
1206 Duane, #2121, Benbrook, TX 76126
snoc
Hackercorp
Karl Lehenbauer
sugar!karl, sugar!usenet
713 438 4964
3918 Panorama, Missouri City, TX 77099
solo, solo.csci.unt.edu
University of North Texas, Computer Science Department
Johnny Carroll
solo!root
817 565 2279
PO Box 13886 Denton, Texas 76203
soma
Division of Neuroscience, Baylor College of Medicine
Mahmud Haque
postmaster@soma.bcm.tmc.edu, mahmud@soma.bcm.tmc.edu
713 789 5985
Division of Neuroscience, Baylor College of Medicine,
One Baylor Plaza, Houston, Texas 77030
sooner
Dewey Coffman
sooner!dewey
512 452 7354
5907 Cary Dr, Austin, Texas 78759-3109
spdyne, spdyne.lonestar.org
Spectradyne, Inc.
Chert Pellett
spdyne!chert
214 301-9108
1501 Plano Road, Richardson, Tx. 75085
splut, .conmicro.com
Confederate Microsystems
Jay Maynard
postmaster@splut.conmicro.com
+1 713 332 3376
6027 Leafwood Circle, League City, TX 77573
ssbn, .wlk.com
W.L. Kennedy Jr. & Associates
William L. Kennedy, Jr. (Bill)
bill@ssbn.WLK.COM
512 535 4966
Box 63449 Bandera Falls, Pipe Creek, TX 78063-3449
ssi600
Seay Systems, Inc.
Vernon E. Hurdle
vernon@ssi600.lonestar.org
214 522-2324
5327 N. Central Expressway, Suite 320, Dallas, TX 75205
starlite
Personal
Eric C. Rosen
starlite!postmaster, uunet!cs.utexas.edu!rosen
512 346 6543
No Physcal address known
starsoft
The Starbound Software Group, a part of Starbound Enterprises
David W. Lowrey
postmaster@starsoft
713 894 7447
12519 Lusterleaf Dr., Cypress, TX. 77429
starweb
EarthScan Systems
Jose A. Sancho
starweb!jas
214 242 2997
1000 Summit Circle, Carrollton, TX 75006
statham
Private System
Perry L. Statham
statham!perry
512 335 3881
7920 San Felipe #616, Austin, TX 78729
steel
Chaparral Steel Company
Shans Basiti
steel!shans
214 775 8241
300 Ward Road, Midlothian, TX 76065
strirc
James A. Tower
James A. Tower
strirc!jim
214 871 3311
c/o Huitt-Zollars 3131 McKinney Ave. STE 600, Dallas, TX 75204
sugar, .hackercorp.com
Hackercorp
Karl Lehenbauer
sugar!karl, sugar!usenet
713 438 4964
3918 Panorama, Missouri City, TX 77459
sulaco, .sigma.com
Southern Methodist University
R. Allen Gwinn, Jr.
sulaco!allen
214 692 3186 (VOICE)
Rm 150 Mc Guire Bldg., S.M.U., Dallas, TX 75275 (USMail)
sunanes, sunanes.hscsa.utexas.edu
Univ. of Texas Health Science Ctr. San Antonio, Dept of Anesthesiology
Buddy Hilliker
sunanes!buddy
512 567 4528
7703 Floyd Curl Drive #328F, San Antonio, TX 78284-7838
sunriv
SunRiver Corp.
John Crittenden
sunriv!root
512 835 8001
1150 Metric Blvd., Suite 150, Austin, TX 78758
supernet, supernet.haus.com, .haus.com, .dallas.haus.com
Harris Adacom Corporation
Clay Luther
cluther@supernet.haus.com
214 386 2356
P.O. Box 809022, Dallas, Tx 75380-9022
swrinde
Southwest Research Institute
Keith S. Pickens
swrinde!postmaster
512 684 5111
6220 Culebra Road, San Antonio, Texas 78284
tadusa
Tadpole Technology
Tonya Butcher
tadusa!butcher
512 338 4221
8310 Capitol of Texas Hwy. N, Suite 375, Austin, TX 78759
taliesin
Personal
Roger Florkowski
taliesin!postmaster
512 255 9003
14300 Tandem Blvd #251, Austin TX 78728
taronga, taronga.hackercorp.com
Individual
Peter da Silva
peter@taronga.hackercorp.com
713 274 5180
No physical address known
tcsoft
Third Coast Software, Inc.
Haran Boral
tcsoft!o2
512 343 8294
8716 N. MoPac, Suite 200, Austin, Texas 78759
teamcom
Team Air Express
David Swank
teamcom!david
214 342 3692
639 W Broadway, Winnsboro, TX 75494
techsup
Tandy/Radio Shack Technical Support # 0220
Gary Kueck
root@techsup.UUCP
817 390 2911
400 Atrium, One Tandy Center, Ft. Worth, TX 76102
tedpc
Private system
William Ted Mahavier
tedpc!postmaster, tedpc!ted
817 382 7036
400 Congress, Denton, TX 76201
teuton
Personal System
Bob Mugele
teuton!root
214 780-8844
602 Madison Ct. Duncanville, TX 75137
texbell, texbell.sbc.com, sbc.com
Southwestern Bell Corporation
Howard Cox
uocshc@swuts.sbc.com
214 464 8371
Two Bell Plaza, Room 340, Dallas, Texas 75202
NOTES:Internet gateway for Southwestern Bell Corporation
texhrc
TEXACO Houston Research Center
Lyle Meier, Susan Willis
texhrc!ldm,texhrc!sew
713-954-6000
3901 Briarpark, Houston, Tx 77072
texsun, central.sun.com, .central.sun.com
Sun Microsystems, Inc.
William Reeder
william.reeder@Central.Sun.COM texsun!william.reeder
214 788 3176
14785 Preston Road Suite 1050, Dallas, TX 75240-7607
thnkpos
EPH Information Systems
Buddy Hilliker
thnkpos!buddy
512 366 4785
2389 N.W. Military, #514, San Antonio, TX 78231
thot1
THOT Corporation
Jim Fiegenschue
thot1!jim
214 539 9281
120 Oak Grove Circle; Double Oak, TX 75067-8461
ti-csl
Texas Instruments
Joe Ramey
ti-csl!postmaster
214 995 5728
P.O. Box 655474, MS 238, Dallas, TX, 75265
tigon
TIGON
Phil Meyer
mages!phil
214 733 8625
17080 Dallas Parkway, Dallas, TX 75248
tmcvax
Houston Academy of Medicine/Texas Medical Center Library
Stan Barber/Susan Bateman
sob@bcm.tmc.edu,susan_bateman@library.tmc.edu
713 798 6042
HAM/TMC Library, Texas Medical Center, Houston, Tx 77030
toyshop
Private system
Eric Lipscomb
toyshop!postmaster, toyshop!root
817 387 6200
1608 McCormick Denton TX 76205
tqc, .n382.z1.FIDONET.ORG
Personal "The Q Continuum"
Eric Rouse
tqc!postmaster, tqc!eric
512 266 3867
2100 Red Fox Rd, Austin, Tx. 78734-2927
track29
ECP technical consulting
Charles Forsythe
track29!postmaster
214 739 3276
8215 Meadow Rd. #1005,Dallas, TX 75231
tramark
TraMark Software, Inc.
Mark McCollom
tramark!usenet
214 369 1777
10210 N. Central Expy., Suite 320, Dallas, TX 75231
trashy
Individual
Steve Talmage
steve@trashy.hou.tx.us
713 556 5830
12630 Ashford Point Drive, Apt. 419, Houston, TX 77082
trillium
University of Texas at Austin
Brook G. Milligan
ut-emx!brook
512 471 3530
Department of Botany
trimara
Trimarand, Inc.
Jeff Collins
trimara!root
713 358 2764
600 Rockmead, Suite 200, Kingwood, TX 77339
trsvax trsvax.tandy.com
Tandy Electronics, Research and Development
Frank Durda IV
uhclem@trsvax.tandy.com
817 390 2865
1300 Two Tandy Center, Ft. Worth, TX 76102
tsci, tsci.lonestar.org
System Center, Inc
David R. Wood
tsci!wood
214 550 0318 x132
2477 Gateway Drive, Suite 101, Irving, TX 75063-2728
tssnet
Thursday Software Systems, Inc.
Paul Nelson
tssnet!nelson
817 478 5070
5840 W. Interstate 20, Suite 115, Arlington, TX 76017
tusol
Trinity University CS Department
Aaron Konstam
tusol!akonstam
512 736-7484
715 Stadium Dr., San Antonio, TX 78284
txsil
Summer Institute of Linguistics
Dan Lord, Steve McConnel
txsil!postmaster
214 709 3319
7500 W Camp Wisdom Road, Dallas Texas 75236
ucmsa
ALAMO Matchmaker
Buddy Hilliker
ucmsa!news
512 366 4785 (VOICE) 512 366 4752 (DIALUP)
2389 N.W. Military, #514, San Antonio, TX 78231
uhc
UHC
Steve Talmage
uhc!steve, uhc!root, uhc!postmaster
713 782 2700
3600 South Gessner, Suite 110, Houston, TX 77063
uhnix1
University of Houston, Academic Computing Services
Alan Pfeiffer-Traum
postmaster@uh.edu
713 749 1490
4800 Calhoun, Houston, TX 77204-1961
uhura1
Mark Weber
uhura1!root
713 626 9568
5177 Richmond Avenue, Suite 1075, Houston, TX 77056
uller
ATL inc...
Michael F. Angelo
uller!postmaster
713 586 7761
No physical address known
unidos
UniDos, Inc.
Bill Van Zandt
unidos!bvz
713 785 4709
7660 Woodway, Suite 580, Houston, TX 77063
unisql
UniSQL, Inc.
Alfred Correira
unisql!usenet
512 343 7297
9390 Research Blvd, Kaleido II, Suite 220, Austin, Texas 78759
urchin, .n106.z1.fidonet.org
Two Wheelers FidoNet BBS
Howard Gerber
urchin!postmaster
713 682 4759
1031 West 43rd Street, Houston, TX 77018-4301
usdalmkt, usdalmkt.haus.com, usdalmkt.dallas.haus.com
Harris Adacom Corporation, Dallas Marketing
Tony Druery
usdalmkt!tony
214 386 1229
P.O. Box 809022, Dallas, Tx 75380-9022
ut-botany
University of Texas at Austin
Brook G. Milligan
ut-emx!brook
512 471 3530
Department of Botany
ut-emx
The University of Texas at Austin, Computation Center
Vance Strickland
ut-emx!uucp
(512) 471-3241
Austin, TX 78712
utacfd, utacfd.arl.utexas.edu
Univ. of Tx at Arlington; Aerospace Eng. Dept.
Ralph W. Noack
utacfd!postmaster
817 273 2860
UTA Box 19018, Arlingtion, Tx 76019
utanes
Univ. of Texas Health Science Ctr. San Antonio, Dept of Anesthesiology
Buddy Hilliker
utanes!eph
512 567 4528
7703 Floyd Curl Drive #328F, San Antonio, TX 78284-7838
utastro
University of Texas, Astronomy/McDonald Observatory
David Way
postmaster@utastro.UUCP
512 471 7439
Univ of Texas, Dept of Astronomy, Austin TX 78712
utep-vaxa
University of Texas at El Paso, EE and CS Dept.
Edgar Gandara
utep-vaxa!sys_man
915 747 5470
El Paso, Texas 79968-0523
uudell, .dell.com
Dell Computer Corporation
James Van Artsdalen
postmaster@uudell.dell.com
512 338 8789
Dell Computer Corporation, AR3, 9505 Arboretum Blvd., Austin TX 78759
val, .val.com
Video Associates Labs, Inc.
Ben Thornton
val!ben
512 346 5781
4926 Spicewood Springs Rd., Austin, TX 78759
vector, vector.dallas.tx.us
Dallas Semiconductor
Ed Higgins
vector!edso
214 450 5391
4401 South Beltwood Parkway, Dallas, TX 75244-3292
virago
Private System
Mitch Mitchell
virago!postmaster
214 519 3257, 214 248 8149
18330 Gallery Drive #723, Dallas, TX, 75252-5143
vitec
Visual Information Technologies - VITec
Jay Thompson
vitec!jay
214 596 5600
3460 Lotus Dr, Plano, TX 75075
vitsun
Visual Information Technologies (VITec)
Jay Thompson
vitsun!jthompson
214 596 5600
3460 Lotus Dr, Plano, TX 75075
void, void.lonestar.org
Cam Fox
cam@void.lonestar.org
214-306-0148
18175 Midway, #253 - Dallas - Tx - 75287
vortech
Vortech Data, Inc.
Peter Stephens
postmaster@vortech.UUCP
214 669 3448
2929 North Central Exprwy, Suite 240, Richardson, TX 75080
w5veo,w5veo.boerne.tx.us
Amateur radio station w5veo
Larry Becker
w5veo!w5veo
512 249 3168
Rt 2 Box 2741, Boerne, TX 78006
walrus
ACECO
Dave Minor
walrus!root
512 661 4111
5355 Dietrich Rd, San Antonio, TX 78219
warble
Private system
Wayne Ross
wayne@warble.UUCP
214 987 1478
3415 Westminster Suite 201 Dallas Texas USA 75205
watson, bcm.tmc.edu
Baylor College of Medicine
Stan Barber
postmaster@bcm.tmc.edu
713 798 6042
Baylor College of Medicine, One Baylor Plaza, Houston, Texas 77030
wb9rxw
American Airlines - STIN
Gary Partain
wb9rxw!gary
817 963 3311
2748 Timber Ct., Grand Prairie, TX 75052-4443
wcscnet
Willies Computer Software Co.
Egberto Willies
wcscnet!root
713 498 4832
10507 Swan Glen, Houston, TX 77099
westech
Western Atlas/Integrated Technologies
David Waddell
westech!root
713 972 4618
10205 Westheimer, Room 774, Houston, TX 77042
whitwiz, whitwiz.lonestar.org
Private System
Danny White
whitwiz!postmaster
214-422-7131
1429 Glacier, Plano, Tx 75023
witte
Private System
Ken Witte
witte!witte
512 990 2529
14302 Jennave Ln., Austin, Texas 78728
wixer
Wixer Industries
Douglas Barnes
wixer!dorf
512 454 8134
504 W. 24th St #30, Austin, TX 78705
wizlair
Wizard's Lair Private BBS
Robert D. Greene
rgreene@bnr.ca
214-pri-vate
9150 Fair Oaks #915, Dallas, Texas 75231
wnss
We'll Never Stop Searching
Lance Spangler
spangler@wnss.UUCP
512 454-2038
PO Box 9927, Austin, TX 78766
woodwrk, woodwrk.lonestar.org
Kingswood Software Associates
Richard H. Wood
woodwrk!postmaster
214 530 2595, 214 519 3559
246 Bancroft Drive East, Garland, Tx 75040
wotan, wotan.compaq.com, compaq.com
Compaq Computer Corporation
Greg Hackney
hackney@compaq.com
713+378-8427
20555 SH 249, M-050701, Houston, Texas, 77070-2698
woton
Shriners Burns Institute
R.J. Nichols III
woton!postmaster
409 761 4701
SBI, Computer Department, 610 Texas Ave., Galveston, TX 77550 USA
wrangler
W.L. Kennedy Jr. & Associates
William L. Kennedy, Jr. (Bill)
bill@ssbn.WLK.COM
512 535 4966
Box 63449 Bandera Falls, Pipe Creek, TX 78063-3449
wroach, wroach.cactus.org
personal
Walter Butler
postmaster@wroach.cactus.org
512 326 2421
905 E. Oltorf, Austin, TX 78704
wylie
CIM Systems
Steve Hickman
wylie!root
214 437 5171
2425 N. Central Expressway Suite 432 Richardson, TX 75080
ywamtxs
Youth With A Mission
Robert G. Smith
ywamtxs!robert
214 882 5591
PO Box 4600, Tyler, TX 75712-4600
zippee
TPC Services
Tim Dawson
zippee!root
214 221 7385
1502 Live Oak, Lewisville, TX 75067
zitt
Syntax Performance Group
Joe Zitt
zitt!postmaster
512 450 1916
2819 Foster Lane, Apt F112, Austin TX 78757
zycorus
Zycor, Inc.
Bill Curtis
zycorus!root
512 282 6699
220 Foremost Austin, TX 78745
===================================================================
/ /
/ File 06 / NIA071 /
/ Electronic Frontier Foundation /
/ Mike Godwin (mnemonic@eff.org) /
/ /
[Editors Note: The following release was Faxcast to 1500+ media organizations
and interested parties where it was followed up released in EFFector (Ref: EFF
Newsletter, Editor: Mike Godwin). This is a case I feel that is _very_
important to our community and so therefore will be covered by NIA as
developements continue.]
EXTENDING THE CONSTITUTION TO AMERICAN CYBERSPACE:
TO ESTABLISH CONSTITUTIONAL PROTECTION FOR ELECTRONIC MEDIA AND TO
OBTAIN REDRESS FOR AN UNLAWFUL SEARCH, SEIZURE, AND PRIOR RESTRAINT
ON PUBLICATION, STEVE JACKSON GAMES AND THE ELECTRONIC FRONTIER
FOUNDATION TODAY FILED A CIVIL SUIT AGAINST THE UNITED STATES SECRET
SERVICE AND OTHERS.
On March 1, 1990, the United States Secret Service nearly
destroyed Steve Jackson Games (SJG), an award-winning publishing
business in Austin, Texas.
In an early morning raid with an unlawful and
unconstitutional warrant, agents of the Secret Service conducted a
search of the SJG office. When they left they took a manuscript
being prepared for publication, private electronic mail, and several
computers, including the hardware and software of the SJG Computer
Bulletin Board System. Yet Jackson and his business were not only
innocent of any crime, but never suspects in the first place. The
raid had been staged on the unfounded suspicion that somewhere in
Jackson's office there "might be" a document compromising the
security of the 911 telephone system.
In the months that followed,
Jackson saw the business he had built up over many years dragged to
the edge of bankruptcy. SJG was a successful and prestigious
publisher of books and other materials used in adventure role-playing
games. Jackson also operated a computer bulletin board system (BBS)
to communicate with his customers and writers and obtain feedback and
suggestions on new gaming ideas. The bulletin board was also the
repository of private electronic mail belonging to several of its
users. This private mail was seized in the raid. Despite repeated
requests for the return of his manuscripts and equipment, the Secret
Service has refused to comply fully.
Today, more than a year after that raid, The Electronic
Frontier Foundation, acting with SJG owner Steve Jackson, has filed
a precedent setting civil suit against the
United States Secret Service, Secret Service Agents Timothy Foley and
Barbara Golden, Assistant United States Attorney William Cook, and
Henry Kluepfel.
"This is the most important case brought to date,"
said EFF general counsel Mike Godwin, "to vindicate the
Constitutional rights of the users of computer-based communications
technology. It will establish the Constitutional dimension of
electronic expression. It also will be one of the first cases that
invokes the Electronic Communications and Privacy Act as a shield and
not as a sword -- an act that guarantees users of this digital
medium the same privacy protections enjoyed by those who use the
telephone and the U.S. Mail."
Commenting on the overall role of the Electronic
Frontier Foundation in this case and other matters, EFFs
president Mitch Kapor said, "We have been acting as an organization
interested in defending the wrongly accused. But the Electronic
Frontier Foundation is also going to be active in establishing
broader principles. We begin with this case, where the issues are
clear. But behind this specific action, the EFF also believes that
it is vital that government, private entities, and individuals who
have violated the Constitutional rights of individuals be held
accountable for their actions. We also hope this case will help
demystify the world of computer users to the general public and
inform them about the potential of computer communities."
Representing Steve Jackson and The Electronic Frontier
Foundation in this suit is James George,Jr. of Graves, Dougherty,
Hearon & Moody of Austin, Rabinowitz, Boudin, Standard, Krinsky &
Liberman of New York,and Harvey A. Silverglate and Sharon L. Beckman
of Silverglate & Good of Boston .
Copies of the complaint, the unlawful search warrant,
statements by Steve Jackson and the Electronic Frontier Foundation, a
legal fact sheet and other pertinent materials are available by
request from the EFF.
---
Also made available to members of the press and electronic media on
request were the following statementby Mitchell Kapor and a legal
fact sheet prepared by Sharon Beckman and Harvey Silverglate of
Silverglate & Good, the law firm central to the filing of this
lawsuit.
WHY THE ELECTRONIC FRONTIER FOUNDATION IS BRINGING SUIT ON BEHALF OF
STEVE JACKSON.
With this case, the Electronic Frontier Foundation begins a new
phase of affirmative legal action. We intend to fight for broad
Constitutional protection for operators and users of computer
bulletin boards.
It is essential to establish the principle that computer bulletin
boards and computer conferencing systems are entitled to the same
First Amendment rights enjoyed by other media. It is also critical
to establish that operators of bulletin boards JQJ whether
individuals or businesses JQJ are not subject to unconstitutional,
overbroad searches and seizures of any of the contents of their
systems, including electronic mail.
The Electronic Frontier Foundation also believes that
it is vital to hold government, private entities, and individuals
who have violated the Constitutional rights of others accountable
for their actions.
Mitchell Kapor,
President, The Electronic Frontier Foundation
---
LEGAL FACT SHEET: STEVE JACKSON GAMES V. UNITED STATES SECRET
SERVICE, ET AL
This lawsuit seeks to vindicate the rights of a small, successful
entrepreneur/publisher to conduct its entirely lawful business, free
of unjustified governmental interference. It is also the goal of
this litigation to firmly establish the principle that lawful
activities carried out with the aid of computer technology, including
computer communications and publishing, are entitled to the same
constitutional protections that have long been accorded to the print
medium. Computers and modems, no less than printing presses,
typewriters, the mail, and telephones -being the methods selected by
Americans to communicate with one another -- are all protected by our
constitutional rights.
Factual Background and Parties:
Steve Jackson, of Austin, Texas, is a successful small businessman.
His company, Steve Jackson Games, is an award- winning publisher of
adventure games and related books and magazines. In addition to its
books and magazines, SJG operates an electronic bulletin board system
(the Illuminati BBS) for its customers and for others interested in
adventure games and related literary genres.
Also named as plaintiffs are various users of the Illuminati BBS.
The professional interests of these users range from writing to
computer technology.
Although neither Jackson nor
his company were suspected of any criminal activity, the company was
rendered a near fatal blow on March 1, 1990, when agents of the
United States Secret Service, aided by other law enforcement
officials, raided its office, seizing computer equipment necessary to
the operation of its publishing business. The government seized the
Illuminati BBS and all of the communications stored on it, including
private electronic mail, shutting down the BBS for over a month. The
Secret Service also seized publications protected by the First
Amendment, including drafts of the about-to-be-released role playing
game book GURPS Cyberpunk. The publication of the book was
substantially delayed while SJG employees rewrote it from older
drafts. This fantasy game book, which one agent preposterously
called "a handbook for computer crime," has since sold over 16,000
copies and been nominated for a prestigious game industry award. No
evidence of criminal activity was found.
The warrant application,
which remained sealed at the government's request for seven months,
reveals that the agents were investigating an employee of the company
whom they believed to be engaged in activity they found questionable
at his home and on his own time. The warrant application further
reveals not only that the Secret Service had no reason to think any
evidence of criminal activity would be found at SJG, but also that
the government omitted telling the Magistrate who issued the warrant
that SJG was a publisher and that the contemplated raid would cause a
prior restraint on constitutionally protected speech, publication,
and association.
The defendants in this case are the United States
Secret Service and the individuals who, by planning and carrying out
this grossly illegal search and seizure, abused the power conferred
upon them by the federal government. Those individuals include
Assistant United States Attorney William J. Cook, Secret Service
Agents Timothy M. Foley and Barbara Golden, as well Henry M. Kluepfel
of Bellcore, who actively participated in the unlawful activities as
an agent of the federal government.
These defendants are the same
individuals and entities responsible for the prosecution last year of
electronic publisher Craig Neidorf. The government in that case
charged that Neidorf's publication of materials concerning the
enhanced 911 system constituted interstate transportation of stolen
property. The prosecution was resolved in Neidorf's favor in July of
1990 when Neidorf demonstrated that materials he published were
generally available to the public.
Legal Significance:
This case is about the constitutional and statutory rights of
publishers who conduct their activities in electronic media rather
than in the traditional print and hard copy media, as well as the
rights of individuals and companies that use computer technology to
communicate as well as to conduct personal and business affairs
generally.
The government's wholly unjustified raid on SJG, and
seizure of its books, magazines, and BBS, violated clearly
established statutory and constitutional law, including:
. The Privacy Protection Act of 1980, which generally prohibits
the government from searching the offices of publishers for work
product and other documents, including materials that are
electronically stored;
. The First Amendment to the U. S. Constitution, which guarantees
freedom of speech, of the press and of association, and which
prohibits the government from censoring publications, whether in
printed or electronic media.
. The Fourth Amendment, which prohibits unreasonable governmental
searches and seizures, including both general searches and searches
conducted without probable cause to believe that specific evidence of
criminal activity will be found at the location searched.
. The Electronic Communications Privacy Act and the Federal
Wiretap statute, which together prohibit the government from seizing
electronic communications without justification and proper
authorization.
STEVE JACKSON LAWSUIT: FULL TEXT OF COMPLAINT (long)
This document was filed May 1 in federal court in Austin, Texas
UNITED STATES DISTRICT COURT
WESTERN DISTRICT OF TEXAS
AUSTIN DIVISION
STEVE JACKSON GAMES INCORPORATED,
STEVE JACKSON, ELIZABETH
McCOY, WALTER MILLIKEN, and
STEFFAN O'SULLIVAN,
Plaintiffs,
v.
UNITED STATES SECRET SERVICE,
UNITED STATES OF AMERICA,
WILLIAM J. COOK, TIMOTHY M. FOLEY,
BARBARA GOLDEN, and HENRY M. KLUEPFEL,
Defendants.
COMPLAINT AND DEMAND FOR JURY TRIAL
I. INTRODUCTION AND SUMMARY
This is a civil action for damages to redress
violations of the Privacy Protection Act of 1980,
42 U.S.C. 2000aa et seq; the Electronic
Communications Privacy Act, as amended, 18 U.S.C.
2510 et seq and 2701 et seq; and the First and
Fourth Amendments to the United States
Constitution.
Plaintiffs are Steve Jackson Games
Incorporated ("SJG"), an award-winning publisher of
books, magazines, and games; its president and sole
owner Steve Jackson; and three other users of an
electronic bulletin board system operated by SJG.
Defendants are the United States Secret
Service, the United States of America, an Assistant
United States Attorney, Secret Service agents, and
a private individual who acted at the direction of
these federal officers and agents and under color
of federal authority.
Although neither Steve Jackson nor SJG was a
target of any criminal investigation, defendants
caused a general search of the business premises of
SJG and the wholesale seizure, retention, and
conversion of computer hardware and software and
all data and communications stored there.
Defendants seized and retained work product and
documentary materials relating to SJG books, games,
and magazines, thereby imposing a prior restraint
on the publication of such materials. Defendants
also seized and retained an entire electronic
bulletin board system, including all computer
hardware and software used to operate the system
and all data and communications stored on the
system, causing a prior restraint on the operation
of the system. Defendants also seized and retained
computer hardware and software, proprietary
information, records, and communications used by
SJG in the ordinary course of operating its
publishing business.
The search of this reputable publishing
business and resulting seizures constituted a
blatant violation of clearly established law. The
search and seizure violated the Privacy Protection
Act of 1980, which strictly prohibits law
enforcement officers from using search and seizure
procedures to obtain work product or documentary
materials from a publisher, except in narrow
circumstances not applicable here. The seizure and
retention of SJG's work product and bulletin board
system, as well as the seizure and retentionof the
computers used to prepare SJG publications and to
operate the bulletin board system, violated the
First Amendment. The search and seizure, which
encompassed proprietary business information and
private electronic communications as well as
materials protected by the First Amendment, also
violated the Fourth Amendment. Defendants
conducted an unconstitutional general search
pursuant to a facially invalid, general warrant.
The warrant was issued without probable cause to
believe that any evidence of criminal activity
would be found at SJG and was issued on the basis
of false and misleading information supplied by the
defendants. Defendants also invaded plaintiffs'
privacy by seizing and intercepting the plaintiffs'
private electronic communications in violation of
the Electronic Communications Privacy Act.
Defendants' wrongful and unlawful conduct
amounted to an assault by the government on the
plaintiffs, depriving them of their property, their
privacy, their First Amendment rights and
inflicting humiliation and great emotional distress
upon them.
II. DEFINITIONS
When used in this complaint, the following
words and phrases have the following meanings:
Computer Hardware: Computer hardware consists
of the mechanical, magnetic, electronic, and
electrical devices making up a computer system,
such as the central processing unit, computer
storage devices (disk drives, hard disks, floppy
disks), keyboard, monitor, and printing devices.
Computer Software: Computer software consists
of computer programs and related instructions and
documentation.
Computer Program: A computer program is a set
of instructions that, when executed on a computer,
cause the computer to process data.
Source Code: Source code is a set of
instructions written in computer programming
language readable by humans. Source code must be
"compiled," "assembled," or "interpreted" with the
use of a computer program before it is executable
by a computer.
Text File: A computer file is a collection of
data treated as a unit by a computer. A text file
is a memorandum, letter, or any other alphanumeric
text treated as a unit by a computer. A text file
can be retrieved from storage and viewed on a
computer monitor, printed on paper by a printer
compatible with the computer storing the data, or
transmitted to another computer.
Modem: A modem, or modulator-demodulator, is
an electronic device that makes possible the
transmission of data to or from a computer over
communications channels, including telephone lines.
Electronic mail: Electronic mail (e-mail) is a
data communication transmitted between users of a
computer system or network. E-mail is addressed to
one or more accounts on a computer system assigned
to specific users and is typically stored on the
system computer until read and deleted by the
addressee. The privacy of electronic mail is
typically secured by means of a password, so that
only individuals withknowledge of the account's
password can obtain access to mail sent to that
account.
Electronic Bulletin Board System (BBS): A BBS
is a computerized conferencing system that permits
communication and association between and among its
users. A systems operator ("sysop") manages the
BBS on a computer system that is equipped with
appropriate hardware and software to store text
files and communications and make them accessible
to users. Users of the BBS gain access to the
system using their own computers and modems and
normal telephone lines.
A BBS is similar to a traditional bulletin
board in that it allows users to transmit and
"post" information readable by other users. Common
features of a BBS include:
(1) Conferences in which users engage in an
ongoing exchange of information and ideas.
Conferences can be limited to a specific group of
users, creating an expectation of privacy, or open
to the general public.
(2) Archives containing electronically stored
text files accessible to users;
(3) Electronic mail service, in which the host
computer facilitates the delivery, receipt, and
storage of electronic mail sent between users.
Bulletin board systems may be maintained as
private systems or permit access to the general
public. They range in size from small systems
operated by individuals using personal computers in
their homes, to medium-sized systemsoperated by
groups or commercial organizations, to world-wide
networks of interconnected computers. The subject
matter and number of topics discussed on a BBS are
limited only by the choices of the system's
operators and users. Industry estimates indicate
that well over a million people in the United
States use bulletin board systems.
III. PARTIES
1. Plaintiff SJG is a corporation duly
organized and existing under the laws of the State
of Texas. At all relevant times, SJG was engaged
in the business of publishing adventure games and
related books and magazines. Its place of business
is 2700-A Metcalfe Road, Austin, Texas.
2. Plaintiff Steve Jackson ("Jackson"), the
president and sole owner of SJG, is an adult
resident of the State of Texas.
3. Plaintiffs Elizabeth McCoy, Walter
Milliken, and Steffan O'Sullivan are adult
residents of the State of New Hampshire. At all
relevant times, they were users of the electronic
bulletin board system provided and operated by SJG
and known as the "Illuminati Bulletin Board System"
("Illuminati BBS").
4. The United States Secret Service, an
agency within the Treasury Department, and the
United States of America sued in Counts I, IV, and
V.
5. Defendant William J. Cook ("Cook") is an
adult resident of the State of Illinois. At all
relevant times,Cook was employed as an Assistant
United States Attorney assigned to the United
States Attorney's office in Chicago, Illinois.
Cook is sued in Counts II-V.
6. Defendant Timothy M. Foley ("Foley") is an
adult resident of the State of Illinois. At all
relevant times, Foley was employed as a Special
Agent of the United States Secret Service, assigned
to the office of the United States Secret Service
in Chicago, Illinois. At all relevant times, Foley
was an attorney licensed to practice law in the
State of Illinois. Foley is sued in Counts II-V.
7. Defendant Barbara Golden ("Golden") is an
adult resident of the State of Illinois. At all
relevant times, Golden was employed as a Special
Agent of the United States Secret Service assigned
to the Computer Fraud Section of the United States
Secret Service in Chicago, Illinois.
8. Defendant Henry M. Kluepfel ("Kluepfel")
is an adult resident of the state of New Jersey.
At all relevant times, Kluepfel was employed by
Bell Communications Research as a district manager.
Kluepfel is sued in Counts II-V.
III. JURISDICTION AND VENUE
9. This Court's jurisdiction is invoked
pursuant to 28 U.S.C. 1331 and 42 U.S.C. 2000aa-
6(h). Federal question jurisdiction is proper
because this is a civil action authorized and
instituted pursuant to the First and Fourth
Amendments to the United States Constitution, 42
U.S.C. 2000aa-6(a) and 6(h), and 18 U.S.C. 2707
and 2520.
10. Venue in the Western District of Texas is
proper under 28 U.S.C. 1391(b), because a
substantial part of the events or omissions giving
rise to the claims occurred within this District.
IV. STATEMENT OF CLAIMS
FACTUAL BACKGROUND
Steve Jackson Games
11. SJG, established in 1980 and incorporated
in 1984, is a publisher of books, magazines, and
adventure games.
(a) SJG books and games create imaginary worlds
whose settings range from prehistoric to futuristic
times and whose form encompass various literary
genres.
(b) The magazines published by SJG contain news,
information, and entertainment relating to the
adventure game industry and related literary
genres.
12. SJG games and publications are carried by
wholesale distributors throughout the United States
and abroad.
13. SJG books are sold by national retail
chain stores including B. Dalton, Bookstop, and
Waldenbooks.
14. Each year from 1981 through 1989, and
again in 1991, SJG board games, game books, and/or
magazines have been nominated for and/or received
the Origins Award. The Origins Award, administered
by the Game Manufacturers' Association, is the
adventure game industry's most prestigious award.
15. SJG is not, and has never been, in the
business of selling computer games, computer
programs, or other computer products.
16. On March 1, 1990, SJG had 17 employees.
Steve Jackson Games Computer Use
17. At all relevant times, SJG relied upon
computers for many aspects of its business,
including but not limited to the following uses:
(a) Like other publishers of books or magazines,
and like a newspaper publisher, SJG used computers
to compose, store, and prepare for publication the
text of its books, magazines, and games.
(b) SJG stored notes, source materials, and
other work product and documentary materials
relating to SJG publications on its computers.
(c) Like many businesses, SJG used computers to
create and store business records including, but
not limited to, correspondence, contracts, address
directories, budgetary and payroll information,
personnel information, and correspondence.
18. Since 1986, SJG has used a computer to
operate an electronic bulletin board system (BBS)
dedicated to communication of information about
adventure games, the game industry, related
literary genres, and to association among
individuals who share these interests.
(a) The BBS was named "Illuminati," after the
company's award-winning board game.
(b) At all relevant times, the Illuminati BBS
was operated by means of a computer located on the
business premises of SJG. The computer used to run
the Illuminati BBS (hereafter the "Illuminati
computer") was connected to the telephone number
512-447-4449. Users obtained access to
communications and information stored on the
Illuminati BBS from their own computers via
telephone lines.
(c) The Illuminati BBS provided a forum for
communication and association among its users,
which included SJG employees, customers, retailers,
writers, artists, competitors, writers of science
fiction and fantasy, and others with an interest in
the adventure game industry or related literary
genres.
(d) SJG, Jackson, and SJG employees also used
the Illuminati BBS in the course of business to
communicate with customers, retailers, writers, and
artists; to provide customer service; to obtain
feedback on games and new game ideas; to obtain
general marketing information; to advertise its
games and publications, and to establish good will
and a sense of community with others who shared
common interests.
(e) As of February 1990, the Illuminati BBS had
over 300 users residing throughout the United
States and abroad.
(f) At all relevant times, plaintiffs SJG,
Jackson, McCoy, Milliken, and O'Sullivan were
active users of the Illuminati BBS.
(g) Each user account was assigned a password to
secure the privacy of the account.
(h) The Illuminati BBS gave users access to
general files of electronically stored information.
General files included, but were not limited to,
text files containing articles on adventure games
and game-related humor, including articles
published in SJG magazines and articles contributed
by users of the BBS, and text files containing game
rules. These general files were stored on the
Illuminati computer at SJG.
(i) The Illuminati BBS provided several public
conferences, in which users of the BBS could post
information readable by other users and read
information posted by others. The discussions in
the public conferences focused on SJG products,
publications and related literary genres. All
communications transmitted to these conferences
were stored in the Illuminati computer at SJG.
(j) SJG informed users of the Illuminati BBS
that
"any opinions expressed on the BBS, unless
specifically identified as the opinions or policy
of Steve Jackson Games Incorporated, are only those
of the person posting them. SJ Games will do its
best to remove any false, harmful or otherwise
obnoxious material posted, but accepts no
responsibility for material placed on this board
without its knowledge.
(k) The Illuminati BBS also provided private
conferences that were accessible only to certain
users authorized by SJG and not to the general
public. All communications transmitted to these
conferences were stored in the Illuminati computer
at SJG.
(l) The Illuminati BBS provided a private
electronic mail (e-mail) service, which permitted
the transmission of private communications between
users on the system as follows:
(i) E-mail transmitted to an account on the
Illuminati BBS was stored on the BBS computer until
deleted by the addressee.
(ii) The privacy of e-mail was secured by the
use of passwords.
(iii) The privacy of e-mail was also secured by
computer software that prevented the system
operator from reading e-mail inadvertently.
(iv) The privacy of e-mail was also secured by
SJG policy. SJG informed users of the Illuminati
BBS that "[e]lectronic mail is private."
(v) As a matter of policy, practice, and
customer expectations, SJG did not read e-mail
addressed to Illuminati users other than SJG.
(vi) At all relevant times, all plaintiffs used
the e-mail service on the Illuminati BBS.
(vii) On March 1, 1990, the Illuminati computer
contained stored e-mail sent to or from each of the
plaintiffs.
The Illegal Warrant and Application
19. On February 28, 1990, defendant Foley
filed an application with this Court, for a warrant
authorizing the search of the business premises of
SJG and seizure of "[c]omputer hardware (including,
but not limited to, central processing unit(s),
monitors, memory devices, modem(s), programming
equipment, communication equipment, disks, and
prints) and computer software (including, but not
limited to, memory disks, floppy disks, storage
media) and written material and documents relating
to the use of the computer system (including
networking access files), documentation relating to
the attacking of computers and advertising the
results of computer attacks (including telephone
numbers and location information), and financial
documents and licensing documentation relative to
the computer programs and equipment at the business
known as Steve Jackson Games which constitute
evidence, instrumentalities and fruits of federal
crimes, including interstate transportation of
stolen property (18 USC 2314) and interstate
transportation of computer access information (18
USC 1030(a)(6)). This warrant is for the seizure
of the above described computer and computer data
and for the authorization to read information
stored and contained on the above described
computer and computer data."
A copy of the application and supporting affidavit
of defendant Foley (hereafter "Foley affidavit")
are attached as Exhibit "A" and incorporated herein
by reference.
20. The search warrant was sought as part of
an investigation being conducted jointly by
defendant Cook and the United States Attorney's
office in Chicago; defendants Foley, Golden, and
the Chicago field office of the United States
Secret Service; and defendant Kluepfel.
21. On information and belief, neither SJG
nor Jackson nor any of the plaintiffs were targets
of this investigation.
22. The Foley affidavit was based on the
investigation of defendant Foley and on information
and investigative assistance provided to him by
others, including defendants Golden and Kluepfel
and unnamed agents of the United States Secret
Service. Foley Affidavit para. 3.
23. The Foley affidavit alleged that
defendant Klu%p}el had participated in the
execution of numerous federal and state search
warrants. Id.
24. On information and belief, Defendant Cook
participated in the drafting, review, and
submission of the warrant application and
supporting affidavit to this Court.
25. The warrant application and supporting
affidavit were placed under seal on motion of the
United States.
26. On February 28, 1990, based on the Foley
affidavit, a United States Magistrate for the
Western District of Texas granted defendant Foley's
warrant application and issued awarrant authorizing
the requested search and seizure described in
paragraph 19 above. A copy of the search warrant
is attached as Exhibit B.
27. The warrant was facially invalid for the
following reasons:
(a) It was a general warrant that failed to
describe the place to be searched with
particularity.
(b) It was a general warrant that failed to
describe things to be seized with particularity.
(c) It swept within its scope handwritten,
typed, printed, and electronically stored
communications, work product, documents, and
publications protected by the First Amendment.
(d) It swept within its scope SJG proprietary
information and business records relating to
activities protected by the First Amendment.
(e) It swept within its scope a BBS that was a
forum for speech and association protected by the
First Amendment.
(f) It swept within its scope computer hardware
and software that were used by SJG to publish
books, magazines, and games.
(g) It swept within its scope computer hardware
and software used by SJG to operate a BBS.
28. The warrant was also invalid in that it
authorized the seizure of work product and
documentary materials from apublisher "reasonably
believed to have a purpose to disseminate to the
public a newspaper, book, broadcast, or other
similar form of public communication, in or
affecting interstate or foreign commerce," which is
generally prohibited by 42 U.S.C. 2000aa(a) and
(b), without showing the existence of any of the
narrow statutory exceptions in which such a search
and seizure is permitted. Specifically, the Foley
affidavit did not establish the existence of any of
the following circumstances:
(a) The Foley affidavit did not establish
probable cause to believe that SJG, or any employee
in possession of work product materials at SJG, had
committed or was committing a criminal offense to
which such materials related.
(b) The Foley affidavit did not establish
probable cause to believe that SJG or any employee
of SJG in possession of work product materials at
SJG, had committed or was committing a criminal
offense to which such materials related consisting
of other than the receipt possession,
communication, or withholding of such materials or
the information contained therein.
(c) The Foley affidavit did not establish
probable cause to believe that SJG, or any employee
of SJG in possession of work product materials at
SJG, had committed or was committing a criminal
offense consisting of the receipt, possession, or
communicationof information relating to the
national defense, classified information, or
restricted data under the provisions of 18 U.S.C.
793, 794, 797, or 798 or 50 U.S.C. 783.
(d) The Foley affidavit did not establish reason
to believe that immediate seizure of work product
materials from SJG was necessary to prevent the
death of, or serious bodily injury to, a human
being.
(e) The Foley affidavit did not establish
probable cause to believe that SJG, or any employee
of SJG in possession of documentary materials at
SJG, had committed or was committing a criminal
offense to which the materials related.
(f) The Foley affidavit did not establish
probable cause to believe that SJG, or any employee
of SJG in possession of documentary materials at
SJG had committed or was committing a criminal
offense to which the materials related consisting
of other than the receipt, possession,
communication, or withholding of such materials or
the information contained therein.
(g) The Foley affidavit did not establish
probable cause to believe that SJG, or any employee
of SJG in possession of documentary materials at
SJG, had committed or was committing an offense
consisting of the receipt, possession, or
communication of information relating to the
national defense, classifiedinformation, or
restricted data under the provisions of 18 U.S.C.
793, 794, 797, or 798 or 50 U.S.C. 783.
(h) The Foley affidavit did not establish
reason to believe that the immediate seizure of
such documentary materials was necessary to prevent
the death of, or serious bodily injury to, a human
being.
(i) The Foley affidavit did not establish
reason to believe that the giving of notice
pursuant to a subpoena duces tecum would result in
the destruction, alteration, or concealment of such
documentary materials.
(j) The Foley affidavit did not establish that
such documentary materials had not been produced in
response to a court order directing compliance with
a subpoena duces tecum and that all appellate
remedies had been exhausted or that there was
reason to believe that the delay in an
investigation or trial occasioned by further
proceedings relating to the subpoena would threaten
the interests of justice.
29. The warrant was invalid because the
warrant application and supporting affidavit of
defendant Foley did not establish probable cause to
believe that the business premises of SJG was a
place where evidence of criminal activity would be
found, in that:
(a) The Foley affidavit did not allege that
evidence of criminal activity would be found at
SJG. Rather, the affidavit alleged that "E911
source code and text file"and a "decryption
software program" would be "found in the computers
located at 1517G Summerstone, Austin, Texas, or at
2700-A Metcalfe Road, Austin, Texas [SJG], or at
3524 Graystone #192, or in the computers at each of
those locations." Foley Affidavit para. 30
(emphasis added).
(b) The Foley affidavit did not establish
probable cause to believe that E911 source code
would be found at the business premises of SJG.
(c) The Foley affidavit did not establish
probable cause to believe that an E911 text file
would be found at the business premises of SJG.
(d) The Foley affidavit did not establish
probable cause to believe that a decryption
software program would be found at the business
premises of SJG.
30. Even assuming, arguendo, that the warrant
affidavit demonstrated probable cause to believe
that "E911 source code and text file" and a
"password decryption program" would be found at the
business premises of SJG, the warrant was still
invalid because its description of items to be
seized was broader than any probable cause shown,
in that:
(a) The warrant authorized the seizure of
computer hardware, software, and documentation that
did not constitute evidence, instrumentalities, or
fruits of criminal activity;
(b) The warrant authorized the seizure and
reading of electronically stored data, including
publications, work product, proprietary
information, business records, personnel records,
and correspondence, that did not constitute
evidence, instrumentalities, or fruits of criminal
activity;
(c) The warrant authorized the seizure and
reading of electronically stored communications
that were not accessible to the public, including
private electronic mail, and that did not
constitute evidence, instrumentalities, or fruits
of criminal activity.
31. The warrant is invalid because there is
nothing in the Foley affidavit to show that the
information provided by defendant Kluepfel
regarding the BBS at SJG was not stale.
32. The warrant was invalid because the Foley
affidavit was materially false and misleading, and
because defendants submitted it knowing it was
false and misleading or with reckless disregard for
the truth, as set forth in paragraphs 33-40 below.
33. The Foley affidavit did not inform the
Magistrate that SJG was a publisher of games,
books, and magazines, engaged in the business of
preparing such materials for public dissemination
in or affecting interstate commerce;
(a) This omission was material;
(b) Defendants omitted this material information
>from the warrant application knowingly or with
reckless disregard for the truth or falsity of the
application.
34. The Foley affidavit did not inform the
Magistrate that SJG used computers to compose and
prepare publications for public dissemination;
(a) This omission was material;
(b) Defendants omitted this material information
>from the warrant application knowingly or with
reckless disregard for the truth or falsity of the
application.
35. The Foley affidavit did not inform the
Magistrate that the computer at SJG used to operate
the BBS contained electronically stored texts, work
product, documentary materials, and communications
stored for the purpose of public dissemination in
or affecting interstate commerce;
(a) This omission was material;
(b) Defendants omitted this material information
>from the warrant application knowingly or with
reckless disregard for the truth or falsity of the
application.
36. The Foley affidavit did not inform the
Magistrate that a computer used to operate the BBS
at SJG operated a forum for constitutionally
protected speech and association regarding
adventure games and related literary genres;
(a) This omission was material;
(b) Defendants omitted this material information
>from the warrant application knowingly or with
reckless disregard for the truth or falsity of the
application.
37. The Foley affidavit did not inform the
Magistrate that the computer used to operate the
BBS at SJG contained stored private electronic
communications;
(a) This omission was material;
(b) Defendants omitted this material information
>from the warrant application knowingly or with
reckless disregard for the truth or falsity of the
application.
38. The Foley affidavit falsely alleged that
the E911 text file was a "program." Foley Affidavit
paras. 8, 14, 17; (a) This false allegation
was material;
(b) Defendants made this material false
allegation knowingly or with reckless disregard for
its truth or falsity;
(c) Defendants Cook and Foley have acknowledged
that the E911 text file is not a program.
39. The affidavit of defendant Foley falsely
alleges that the information in the E911 text file
was "highly proprietary" and "sensitive". Foley
Affidavit paras. 13, 14, 22;
(a) This false allegation was material;
(b) Defendants made this material false
allegation knowingly or with reckless disregard for
its truth or falsity;
(c) Defendant Cook has acknowledged that much of
the information in the E911 text file had been
disclosed to the public.
40. The affidavit of defendant Foley falsely
alleges that the E911 text file was "worth
approximately $79,000.00," para. 4, and "engineered
at a cost of $79,449.00," para. 14;
(a) This false allegation was material;
(b) Defendants made this material false
allegation knowingly or with reckless disregard for
its truth or falsity;
(c) Defendant Cook has acknowledged that the
value of the nondisclosed information in the E911
text file was less than the $5000.00 jurisdictional
minimum for Interstate Transportation of Stolen
Property, 18 U.S.C. 2314.
41. Reasonable persons in defendants'
position would have known that the warrant was
invalid for the reasons given in paragraphs 27-40
and would not have requested or relied on the
warrant.The Search and Seizure:
42. Nevertheless, on March 1, 1990, defendant
Golden, other agents of the United States Secret
Service, and others acting in concert with them,
conducted a general search of the SJG office and
warehouse.
43. The searching officers prevented SJG
employees from entering their workplace or
conducting any business from 8:00 a.m. until after
1:00 p.m. on March 1, 1990.
44. The agents seized computer hardware and
related documentation, including, but not limited
to, the following:
(a) three central processing units;
(b) hard drives;
(c) hundreds of disks;
(d 2 monitors;
(e) 3 keyboards;
(f) 3 modems;
(g) a printer;
(h) electrical equipment including, but not limited
to, extension cords, cables, and adapters;
(i) screws, nuts, and other small parts.
45. The agents seized all computer hardware,
computer software, and supporting documentation
used by SJG to run the Illuminati BBS, thereby
causing the following to occur:
(a) the seizure of all programs, text files, and
public communications stored on the BBS computer;
(b) the seizure of all private electronic
communications stored on the system, including
electronic mail;
(c) preventing plaintiffs from operating and
using the BBS.
46. The agents seized computer software and
supporting documentation that SJG used in the
ordinary course of its business including, but not
limited to, word processing software.
47. The defendants seized all data stored on
the seized SJG computers and disks, including, but
not limited to, the following:
(a) SJG work product, including drafts of
forthcoming publications and games;
(b) Communications from customers and others
regarding SJG's games, books, and magazines;
(c) SJG financial projections;
(d) SJG contracts;
(e) SJG correspondence;
(f) SJG editorial manual, containing
instructions and procedures for writers and
editors;
(g) SJG address directories, contacts lists, and
employee information, including the home telephone
numbers of SJG employees.
48. The defendants seized all current drafts
-- both electronically stored copies and printed
("hard") copies -- of the book GURPS Cyberpunk,
which was scheduled to go to the printer later that
week.
(a) GURPS Cyberpunk was part of a series of
fantasy roleplaying game books published by SJG
called the Generic Universal Roleplaying System.
(b) The term "Cyberpunk" refers to a science
fiction literary genre which became popular in the
1980s. The Cyberpunk genre is characterized by the
fictional interaction of humans with technology and
the fictional struggle for power between
individuals, corporations, and government. One of
the most popular examples of the Cyberpunk genre is
William Gibson's critically acclaimed science
fiction novel Neuromancer, which was published in
1984.
(c) GURPS Cyberpunk is a fantasy roleplaying
game book of the Cyberpunk genre.
(d) SJG eventually published the book GURPS
Cyberpunk in 1990.
(e) The book has been distributed both
nationally and internationally.
(f) To date SJG has sold over 16,000 copies of
the book.
(g) The book has been nominated for an Origins
Award for Best Roleplaying Supplement.
(h) The book is used in at least one college
literature course as an example of the Cyberpunk
genre.
49. The search and seizure exceeded the scope
of the warrant, in that the searching officers
seized computer hardware, computer software, data,
documentation, work product, and correspondence
that did not constitute evidence, instrumentalities
or fruits of any crime.
50. The search was conducted in a reckless
and destructive fashion, in that the searching
officers caused damage to SJG property and left the
SJG office and warehouse in disarray.
Post-seizure Retention of Property
51. Plaintiffs Jackson and SJG put defendants
on immediate notice that they had seized the
current drafts of the about-to-be-published book
GURPS Cyberpunk and the computer hardware and
software necessary to operate a BBS and requested
immediate return of these materials.
52. SJG and Jackson made diligent efforts to
obtain the return of the seized equipment and data,
including but not limited to, retention of legal
counsel, numerous telephone calls to defendants
Cook and Foley by Jackson and SJG counsel, a trip
to the Austin Secret Service office, and
correspondence with defendants Cook and Foley and
with other federal officials.
53. On March 2, 1990, Jackson went to the
Austin office of the Secret Service in an
unsuccessful attempt to obtain the return of seized
documents and computer data, including the drafts
of the forthcoming book GURPS Cyberpunk and the
software and files stored on the Illuminati BBS.
54. On March 2, 1990, the Secret Service
refused to provide Jackson with the files
containing current drafts of GURPS Cyberpunk, one
agent calling the book a "handbook for computer
crime."
55. On March 2, 1990, the Secret Service also
refused to return copies of the software used to
run the Illuminati BBS and copies of any of the
data or communications stored on the BBS.
56. In the months following the seizure,
defendant Cook repeatedly gave Jackson and his
counsel false assurances that the property of SJG
would be returned within days.
57. In May of 1990, Jackson wrote to Senators
Philip Gramm and Lloyd Bentsen and Congressman J.
J. Pickle, regarding the search and seizure
conducted at SJG and requesting their assistance in
obtaining the return of SJG property.
58. On June 21, 1990, the Secret Service
returned most, but not all, of the computer
equipment that had been seized from SJG over three
months earlier.
59. The Secret Service did not return some of
SJG's hardware and data.
60. The Secret Service did not return any of
the printed drafts of GURPS Cyberpunk.
61. In July 3, 1990, letters to Senator
Bentsen and Congressman J. J. Pickle, Robert R.
Snow of the United States Secret Service falsely
stated that all of the items seized from SJG had
been returned to Jackson.
62. In his July 16, 1990, letter to Senator
Gramm, Bryce L. Harlow of the United States
Department of Treasuryfalsely stated that all of
the items seized from SJG had been returned to
Jackson.
63. Through counsel, SJG wrote to defendant
Foley on July 13, 1990, requesting, inter alia, a
copy of the application for the search warrant and
return of the property the government had not
returned. A copy of this letter was mailed to
Defendant Cook. Though the letter requested a
response by August 1, 1990, neither defendant
responded.
64. Through counsel, plaintiff SJG again
wrote to defendant Cook on August 8, 1990,
requesting, inter alia, a copy of the application
for the search warrant and return of the property
the government had not returned. Copies of this
letter were sent to other Assistant United States
Attorneys in Chicago, namely Thomas Durkin, Dean
Polales, and Michael Shepard.
65. Defendant Cook responded to this request
with an unsigned letter dated August 10, 1990. The
letter enclosed a number of documents that had not
previously been returned to SJG. The letter
further stated that "the application for the search
warrant is under seal with the United States
District Court in Texas since it contains
information relating to an ongoing federal
investigation."
66. On September 17, 1990, the warrant
affidavit was unsealed by the United States
Magistrate for the Western District of Texas on the
motion of the United States Attorney for the
Northern District of Illinois.
67. The United States Attorney's office did
not provide Jackson, SJG or their counsel with
notice of its motion to unseal the warrant
affidavit or of this Court's order granting its
motion.
Prior Restraint on Publication and Other Damages:
68. Defendants' seizure and retention of the
computer hardware and software used to operate the
Illuminati BBS prevented and interfered with
plaintiffs' operation and use of the Illuminati
BBS, including the following:
(a) In an attempt to minimize the damage caused
by defendants' conduct, SJG purchased replacement
computer hardware and software to operate the
Illuminati BBS;
(b) As a result of defendants' conduct, SJG was
unable to operate or use the Illuminati BBS for
over a month;
(c) As a result of defendants' conduct,
plaintiffs were deprived of the use of the
Illuminati BBS for over a month;
(d) Defendants seized and intercepted electronic
mail in which plaintiffs had a reasonable
expectation of privacy;
(e) Users of the BBS were substantially chilled
in their exercise of their constitutionally
protected rights of freedom of speech and
association;
(f) Some of the data previously available to
users of the Illuminati BBS was lost or destroyed.
69. Defendants' conduct caused a prior
restraint of the publication of the book GURPS
Cyberpunk, in that:
(a) On March 1, 1990, the book GURPS Cyberpunk
was nearly completed and scheduled to be sent to
the printer the following week;
(b) On March 1, 1990, defendants caused the
illegal seizure of all of the current drafts of
GURPS Cyberpunk, including both printed drafts and
electronically stored drafts.
(c) On March 1, 1990, Defendants caused the
illegal seizure of electronic communications stored
on the Illuminati BBS containing comments on GURPS
Cyberpunk.
(d) Defendants unreasonably refused for weeks to
return the electronically stored drafts of GURPS
Cyberpunk.
(e) Defendants have not yet returned the printed
drafts of GURPS Cyberpunk.
(f) Defendants refused to return electronically
stored comments regarding GURPS Cyberpunk for over
three months.
(g) By their conduct, defendants prevented SJG
>from delivering GURPS Cyberpunk to the printer on
schedule, and caused SJG to miss its publication
deadline.
(h) As a result of defendants' conduct, and in
an attempt to minimize damages, SJG and its
employeesreconstructed and rewrote GURPS Cyberpunk
>from older drafts.
(i) As a result of defendants' conduct, the
publication of GURPS Cyberpunk was delayed for six
weeks.
70. Defendants' conduct caused substantial
delay in the publication and delivery of other SJG
publications.
71. As a result of defendants' conduct, SJG
suffered substantial financial harm including, but
not limited to, lost sales, lost credit lines,
interest on loans, late payment penalties, and
attorney's fees and costs.
72. As a result of defendants' conduct, SJG
was forced to lay off 8 of its 17 employees.
73. As a result of defendants' conduct, SJG
suffered damage to its business reputation.
74. As a result of defendants' conduct, SJG
has suffered loss of, damage to, and conversion of
computer equipment and data, including, but not
limited to, the following:
(a) loss of and damage to computer hardware;
(b) loss and destruction of seized data;
75. Defendants have retained copies of data seized
>from SJG.
76. As a result of defendants' conduct,
plaintiff Steve Jackson has suffered additional
harm including, but not limited to, lost income,
damage to professional reputation,humiliation,
invasion of privacy, deprivation of constitutional
rights, and emotional distress.
77. As a result of defendants' conduct,
plaintiffs McCoy, Milliken, and O'Sullivan have
suffered additional harm including, but not limited
to, damages resulting from the seizure of their
private electronic mail and the interference with,
and temporary shut down of, the Illuminati forum
for speech and association, deprivation of their
constitutional rights, invasion of their privacy,
and emotional distress.
COUNT I:
PRIVACY PROTECTION ACT OF 1980,
42 U.S.C. 2000aa et seq
Against the United States Secret Service
and the United States of America
78. The allegations in paragraphs 1-77 are
incorporated herein by reference.
79. At all relevant times, SJG and its
employees were persons "reasonably believed to have
a purpose to disseminate to the public a newspaper,
book, broadcast, or other similar form of public
communication, in or affecting interstate or
foreign commerce" within the meaning of 42 U.S.C.
2000aa(a) and (b).
80. At all relevant times, SJG and its
employees possessed work product and documentary
materials in connection with a purpose to
disseminate to the public a newspaper, book,
broadcast, or other similar form of
publiccommunication, in or affecting interstate or
foreign commerce.
81. Defendants caused the submission of an
application for a warrant to search the business
premises of SJG and to seize work product materials
therefrom, in violation of 42 U.S.C. 2000aa, in
that:
(a) The Foley affidavit did not inform the
Magistrate that SJG and its employees were persons
"reasonably believed to have a purpose to
disseminate to the public a newspaper, book,
broadcast, or other similar form of public
communication, in or affecting interstate or
foreign commerce" within the meaning of 42 U.S.C.
2000aa(a) and (b).
(b) The Foley affidavit did not inform the
Magistrate that SJG and its employees possessed
work product materials and documentary materials in
connection with a purpose to disseminate to the
public a newspaper, book, broadcast, or other
similar form of public communication, in or
affecting interstate or foreign commerce.
(c) The Foley affidavit did not establish that
any of the exceptions to the statutory prohibition
of searches and seizures set out in 42 U.S.C.
2000aa(a) and (b) existed.
82. Defendants caused the March 1, 1990,
search of the business premises of SJG and seizure
of work product anddocumentary materials therefrom
in violation of 42 U.S.C. 2000aa et seq.
83. Defendants Cook, Foley, and Golden were
federal officers and employees acting within the
scope or under color of federal office or
employment.
84. Defendant Kluepfel acted in concert with
federal agents under color of federal office.
85. Plaintiffs SJG, Jackson, McCoy, Milliken,
and O'Sullivan are all persons aggrieved by
defendants' conduct, having suffered damages,
attorney's fees, and costs, as a direct result of
defendants' conduct.
86. The United States of American and the
United States Secret Service are liable to
plaintiffs for damages, attorney's fees and costs
caused by defendants' conduct.
COUNT II:
FIRST AMENDMENT
Against Defendants Cook, Foley, Golden & Kluepfel
87. The allegations in paragraphs 1-86 are
incorporated herein by reference.
88. Defendants violated plaintiffs' rights to
freedom of speech, freedom of the press, and
freedom of association as guaranteed by the First
Amendment, in that:
(a) At all relevant times SJG was a publisher of
books, magazines, and games protected by the First
Amendment;
(b) At all relevant times SJG was the operator
of a BBS that was a forum for speech and
association protected by the First Amendment;
(c) At all relevant times, plaintiffs SJG,
Jackson, McCoy, Milliken, and O'Sullivan used the
Illuminati BBS for speech and association protected
by the First Amendment;
(d) At all relevant times, plaintiff SJG used
computers to publish books, magazines, and games
and to operate the Illuminati BBS;
(e) The search, seizure, and retention of SJG
work product--both printed and electronically
stored--caused a prior restraint on SJG
publications in violation of plaintiffs' First
Amendment rights of freedom of speech and of the
press;
(f) The search and seizure of the Illuminati BBS
constituted a prior restraint on plaintiffs'
exercise of their First Amendment rights of freedom
of speech, of the press, and of association;
(g) The seizure and retention of computer
hardware and software used by SJG to publish books,
magazines, and games violated plaintiffs' rights to
freedom of speech and of the press;
(h) The seizure and retention of computer
hardware and software used by SJG to operate a BBS
violatedplaintiffs' First Amendment rights to
freedom of speech, of the press, and of
association.
89. Defendants knew or reasonably should have
known that their conduct violated plaintiffs'
clearly established First Amendment rights of
freedom of speech, freedom of the press, and
freedom of association.
90. Defendants acted with intent to violate,
or with reckless indifference to, plaintiffs'
clearly established First Amendment rights to
freedom of speech, freedom of the press, and
freedom of association.
91. Defendants Cook, Foley, and Golden acted
as federal agents and under color of federal law.
92. Defendant Kluepfel acted in concert with
the federal defendants under color of federal law.
93. As a direct result of the defendants'
conduct, plaintiffs have suffered damages.
COUNT III:
FOURTH AMENDMENT
Against Defendants Cook, Foley, Golden, and
Kluepfel
94. The allegations in paragraphs 1-93 are
incorporated herein by reference.
95. The defendants, by their actions,
violated plaintiffs' clearly established right to
be free from unreasonable searches and seizures as
guaranteed by the Fourth Amendment to the United
States Constitution, in that:
(a) Plaintiffs SJG and Jackson had a reasonable
expectation of privacy in the business premises of
SJG and in all SJG work product, SJG records, and
SJG documents kept there, including in all data
stored in the computers at SJG;
(b) All plaintiffs had a reasonable expectation
of privacy in private electronic communications
stored on the Illuminati BBS at SJG;
(c) The search and seizure at SJG games was a
general search;
(d) The search and seizure at SJG was not
authorized by a valid warrant particularly
describing the place to be searched and the things
to be seized;
(e) The search and seizure at SJG was conducted
without probable cause to believe that evidence of
criminal activity would be found at SJG;
(f) The search and seizure at SJG was based on
information that was not shown to be current;
(g) Defendants' warrant application was
materially false and misleading, and was submitted
by defendants with knowledge of its false and
misleading nature or with reckless disregard for
its truth or falsity.
96. The defendants knew, or reasonably should
have known, that their conduct violated plaintiffs'
clearly established constitutional right to be free
>from unreasonable searches and seizures.
97. The defendants acted with intent to
violate, or with reckless indifference to,
plaintiffs' clearly established Fourth Amendment
rights.
98. Defendants Cook, Foley, and Golden acted
as federal agents and under color of federal law.
99. Defendant Kluepfel acted in concert with
the federal defendants and under color of federal
law.
100. As a direct result of the defendants'
actions, plaintiffs suffered damages, attorney's
fees and costs.
COUNT IV:
ELECTRONIC COMMUNICATIONS PRIVACY ACT,
18 U.S.C. 2707
Seizure of Stored Electronic Communications
Against All Defendants
101. The allegations in paragraphs 1-100 are
incorporated herein by reference.
102. At all times relevant times, plaintiff
SJG was the provider of an electronic communication
service within the meaning of 18 U.S.C. 2510(15)
and 2707.
103. At all relevant times, plaintiffs SJG,
Jackson, McCoy, Milliken, and O'Sullivan were
subscribers to or customers of the electronic
communication service provided by SJG within the
meaning of 18 U.S.C. 2510(15) and 2707.
104. At all relevant times, plaintiffs had
electronic communications in electronic storage on
the communicationservice provided by SJG that were
not accessible to the general public.
105. Defendants applied for a warrant to
search and seize the computer operating the
electronic communication service provided by SJG
and all data stored thereon, but failed to inform
the Magistrate that the computer contained stored
electronic communications that were not accessible
to the general public.
106. Defendants, acting without a valid
warrant, required SJG to disclose the contents of
electronic communications that were not accessible
to the general public and that were in electronic
storage for 180 days or less, in violation of 18
U.S.C. 2703(a).
107. Defendants disrupted the normal
operations of the communication service operated by
SJG without compensation to plaintiffs in violation
of 18 U.S.C. 2706(a).
108. Defendants Cook, Foley, and Golden acted
as federal agents and under color of federal law.
109. Defendant Kluepfel acted in concert with
the federal defendants and under color of federal
law.
110. Defendants acted knowingly and
intentionally.
111. Defendants did not act in good faith.
112. Plaintiffs were aggrieved by defendants'
conduct, and suffered damages, attorney's fees and
costs.
COUNT V:
ELECTRONIC COMMUNICATIONS PRIVACY ACT,
18 U.S.C. 2510 et seq.
Interception of Electronic Communications
Against All Defendants
113. The allegations in paragraphs 1-112 are
incorporated herein by reference.
114. Defendants intercepted, disclosed, or
intentionally used plaintiffs' electronic
communications in violation of 18 U.S.C. 2510 et
seq and 2520.
115. Defendants intentionally intercepted,
endeavored to intercept, or procured others to
intercept or endeavor to intercept, plaintiffs'
electronic communications in violation of 18 U.S.C.
2511(1)(a).
116. Defendants did not comply with the
standards and procedures prescribed in 18 U.S.C.
2518.
117. The warrant application was not
authorized by the Attorney General, Deputy Attorney
General, Associate Attorney General, or any
Assistant Attorney general, acting Assistant
Attorney General, or any Deputy Assistant Attorney
General in the Criminal Division specially
designated by the Attorney General, in violation of
18 U.S.C. 2516.
118. Defendants Cook, Foley, and Golden acted
as federal agents and under color of federal law.
119. Defendant Kluepfel acted in concert with
the federal defendants and under color of federal
law.
120. Defendants did not act in good faith.
121. Defendants did not compensate plaintiffs
for reasonable expenses incurred by defendants'
seizure of the Illuminati BBS, in violation of 18
U.S.C. 2518(4).
122. As a direct result of defendants'
conduct, plaintiffs suffered damages, attorney's
fees and costs.
Prayers for Relief
WHEREFORE, plaintiffs SJG, Jackson, McCoy,
Milliken, and O'Sullivan pray that this Court:
1. Assume jurisdiction of this case.
2. Enter judgment against defendants and in
favor of plaintiffs.
3. Enter an order requiring defendants to
return all property and data seized from the
premises of SJG, and all copies of such data, to
SJG.
4. Award plaintiffs damages.
5. Award plaintiffs punitive and liquidated
damages.
6. Award plaintiffs all costs incurred in the
prosecution of this action, including reasonable
attorney's fees.
7. Provide such additional relief as may
appear to the Court to be just.
PLAINTIFFS DEMAND A JURY TRIAL ON ALL CLAIMS
TRIABLE BY JURY
Dated: May 1, 1991
Respectfully submitted
by their attorneys,
_____________________________
Sharon L. Beckman
Harvey A. Silverglate
Andrew Good
SILVERGLATE & GOOD
89 Broad St., 14th floor
Boston, MA 02110
(617) 542-6663
Fax: (617) 451-6971
____________________________
Eric M. Lieberman
Nicholas E. Poser
Rabinowitz, Boudin, Standard,
Krinsky & Lieberman, P.C.
740 Broadway, at Astor Place
New York, NY 10003-9518
(212) 254-1111
Fax: (212) 674-4614
___________________________
R. James George, Jr.
Graves, Dougherty,
Hearon & Moody
2300 NCNB Tower
515 Congress Street
Austin, Texas 78701
(512) 480-5600
Fax: (512) 478-1976
====================================================================
/ /
/ File 07 / NIA071 /
/ Comments From Editors /
/ JD & LMcD /
/ /
Hello, welcome to the new issue NIA071. This issue was primarily to put out
things that do not go anywhere else. It is a collection of some text that
would not normaly fit into a normal issue.
We realize it has been quite some time between NIA070 and NIA071, we do
remind you that NIA is released on a non-scheduled basis. Rather, it is
released when we have enough material for a new issue. On that note, please
share what you have with the rest of the community. Submissions go to
elisem@nuchat.sccsi.com
We have received a lot of attention regarding Sir Hackalot's article in the
previous release. We appreciate your comments, but let us remind you that
we are editors, not censors. This file contained information useful not
only to the underground community but also to system administrators, operators
and users about general unix security. If this file was presented in an
offensive manner, than excuse us. It was not meant to please everybody.
In releasing issue 70, a problem with our maillist occured. We apologize
for anyone who was inconvenienced by this. The problem has been fixed.
Look for the new NIA072 coming out within the next month, it will be a
very informative issue. Also to add to this note, Phrack will be releasing
(hopefully) an issue in late May. To EFF, the best of luck in your case
against the SS. A final note, Doctor Dissector has officially retired but
can be reached at doctord@darkside.com
Submissions, questions, comments and subscriptions can be mailed to
elisem@nuchat.sccsi.com. Our files can be found on Ripco BBS and the
CuD archive server (Ref: CuD Newsletter).
"There's something about a beautiful woman without a brain in her head
that can still be exiting."
--Oliver Stone
JD & LMcD
Ignorance, There's No Excuse.
"Forcing the issue was always worth it."--Jello Biafra
NIA - Network Information Access
=============================================================================